Mon Jan 28 19:22:01 2002
On Mon, Jan 28, 2002 at 11:43:16AM -0500, Frank Tobin wrote:
> The bit you are missing is the possible long-standing 'history' of
> signed messages from a person. Sure, you can spoof once or several
> times, trying to get people to think your intended victim Vik uses the
> key 0x00000000, but you can't erase the possible years of history Vik
> has of posting messages to well-known lists using his true key,
> 0x11111111. By analyzing this history well, it will be much harder to
> fool people.
You know, I'm just new to openPGP. If I want a friend of mine to securely
sign my public key I think she should call me over the phone as it is
explained in the original Zimmermann's manual. She cannot completely trust
the information gained from my 'X-PGP' headers, since in this case there
is no 'history' at all.
Experience is not what happens to you; it is what you do with what happens
-- Aldous Huxley