Sun Jun 8 21:00:06 2003
On Sunday 08 June 2003 15:05, CL Gilbert wrote:
> I think the difference would be that I admit I am no notary public.
> But others do not. Is a driver's license good enough for you?
No. I wouldn't accept a driver's license. But I would accept a passport.
Of course, it would probably be easy to fool me with a foreign
(non-German) passport because I don't know what most foreign passports
look like.
> they can be faked you know.
Every official document can be forged so that a layman can't tell the
difference. But are signatures on an OpenPGP key worth the risk?
> Do you have any training on determining fakes?
> What good is a first and last name to you anyway? There are 1000s of
> people with the same. It's only important that the carl gilbert that
> paid you for the work, is the carl gilbert you give the work to. At
> least I think so.
You forgot the email address. Together with the email address you get a
one-to-one relation between keys and people (at least for those keys
that have a signature you trust).
Let's say I want to contact the Carl Gilbert who works at Rigid
Software. At the website of this company I find Carl's email address.
Unless I also find Carl's OpenPGP key on the company's website, I then
look for his key on the keyservers. If I now find one or more keys then
look for his key on the keyservers. If I now find one or more keys then=20
I check the signatures of those keys. If there's a key that is signed=20
by someone I trust then I assume that I found the correct key. That's=20
exactly how the web of trust works. It allows me to use keys that have=20
been signed by people I trust. I don't have to check all keys myself.
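The keyserver lookup described in the message above, as an added Python sketch that is not part of the original e-mail and is not GnuPG's own trust computation. The e-mail address, fingerprints and signer names are constructed placeholders, and the sketch assumes every listed signature has already been verified cryptographically and that each trusted signer is fully trusted.

```python
from dataclasses import dataclass

@dataclass
class Candidate:
    """One key returned by a keyserver search (constructed sample data)."""
    fingerprint: str
    certs: dict  # user-ID e-mail -> set of fingerprints that signed that user ID

def keys_vouched_for(email, candidates, trusted_signers):
    """Fingerprints whose user ID for `email` is signed by someone I trust."""
    accepted = []
    for key in candidates:
        signers = key.certs.get(email.lower(), set())
        # A self-signature says nothing about who really owns the key.
        third_party = signers - {key.fingerprint}
        if third_party & trusted_signers:
            accepted.append(key.fingerprint)
    return accepted

def choose_key(email, candidates, trusted_signers):
    """Apply the rule from the message: use the key a trusted person signed."""
    accepted = keys_vouched_for(email, candidates, trusted_signers)
    if len(accepted) == 1:
        return ("use", accepted[0])
    if not accepted:
        return ("unverified", None)   # nothing I can rely on; check it myself
    return ("ambiguous", None)        # one-to-one relation broken; investigate

# Constructed example: three keys on the keyserver claim the same address.
EMAIL = "carl@rigid-software.example"
CANDIDATES = [
    # Signed on the matching user ID by a signer I trust: acceptable.
    Candidate("KEY_A", {EMAIL: {"KEY_A", "SIGNER_TRUSTED"}}),
    # Signed only by itself and by a stranger: not acceptable.
    Candidate("KEY_B", {EMAIL: {"KEY_B", "SIGNER_UNKNOWN"}}),
    # Trusted signature exists, but on a different user ID of the same key.
    Candidate("KEY_C", {EMAIL: {"KEY_C"},
                        "other@elsewhere.example": {"SIGNER_TRUSTED"}}),
]
TRUSTED = {"SIGNER_TRUSTED"}

if __name__ == "__main__":
    print(choose_key(EMAIL, CANDIDATES, TRUSTED))
```

KEY_C is the case worth noticing: a certification binds one user ID to the key, so a trusted signature on a different address does not vouch for the address being looked up.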