Virtual Keysignings
David Shaw
dshaw@jabberwocky.com
Fri Jun 6 15:22:02 2003
--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jun 06, 2003 at 09:20:42AM +0200, Adrian 'Dagurashibanipal' von Bid=
der wrote:
> On Thursday 05 June 2003 22:52, Adam ENDRODI wrote:
>=20
> > I mean the following. An ID card provides a binding between you
> > and your name. But what about the e-mail address, which is
> > included in my uid as well? The ID card doesn't tell anything
> > about it.
>=20
> I usually send the key in an encrypted email to the email address in the=
=20
> userid, I think this takes care of this problem. The poeple who have enou=
gh=20
> criminal energy to attack this could with very high probability also fool=
me=20
> with a fake ID card. Do you know what a Swiss ID card exactly looks like?=
At=20
> least I don't know how a Hungarian ID card is supposed to look like...
Note that you don't really need to send an encrypted mail. Sending a
challenge to be signed by the user "proves" they control the secret
key.
I usually send the challenges encrypted as well, but that is just for
a little privacy. If the user has a sign-only key, obviously I can't
do this.
David
--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iD8DBQE+4JW94mZch0nhy8kRAspDAJ0YBf9xaQjsM6TfcmFffP0sP68ihgCgtu9N
Z2rpVXLVKvB6Scz2fRK4Oj4=
=+KM4
-----END PGP SIGNATURE-----
--KsGdsel6WgEHnImy--