signing keys

Davide Cavallari floods@libero.it
Mon Jan 28 19:22:01 2002


On Mon, Jan 28, 2002 at 11:43:16AM -0500, Frank Tobin wrote:
> The bit you are missing is the possible long-standing 'history' of
> signed messages from a person. Sure, you can spoof once or several
> times, trying to get people to think your intended victim Vik uses the
> key 0x00000000, but you can't erase the possible years of history Vik
> has of posting messages to well-known lists using his true key,
> 0x11111111. By analyzing this history well, it will be much harder to
> fool people.

You know, I'm just new to OpenPGP. If I want a friend of mine to securely
sign my public key I think she should call me over the phone as it is
explained in Zimmermann's original manual. She cannot completely trust
the information gained from my 'X-PGP' headers, since in this case there
is no 'history' at all.
-- 
Cheers,
    Davide Cavallari                
Experience is not what happens to you; it is what you do with what happens
to you.
		-- Aldous Huxley