gpg certificate authorities

JanuszA.Urbanowicz JanuszA.Urbanowicz
Mon Feb 18 16:05:01 2002


Douglas Calvert wrote/napisa=B3[a]/schrieb:
>  I am sure this has been discussed before but here goes. Why are there
> not gpg certificate authorities that will verify someones identity? If
> there are places like thawte why not the same thing for openpgp?

Thawte once did signing of PGP keys (although I've been successful only in
signing my RSA key with them, not the D-H).=20

The problem is more social than technical - to have working CAs, they must
be CAs that most people in the web of trust trust. This leads to two
problems: how to gain the trust, and, more technical - how many people who
use PGP you know actually manage the trust database?

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20