Why CAs or public keysigning?
Peter L. Smilde
peter.smilde@smilde-becker.net
Wed Jun 18 17:07:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The problem I stated was not: "Do I trust the signers of a key". For
this problem I assume I DO TRUST the CA or at least some of the keyparty
signers. So I believe they have checked the ID of the person carefully.

My problem is different: even WHEN I trust that they have checked a
person, I cannot be sure that they checked the person I want to
communicate with. This problem occurs as soon as duplicate names are
possible.

A CA that convinces me to sign only completely (or very likely) unique
UIDs (even unique for persons that are not yet registered by the CA,
otherwise I might send my secrets to the registered person, although I
expected to send them to the unregistered one) is OK, but most
(OpenPGP-)CAs don't make such statements.
- --
Peter L. Smilde
Budenheim, Germany
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+8IByFCtQzrDkv5kRAvs8AKCfvSpNcXshLUYmxdOb/oznYIEDfQCeNZqd
PpzdJaBXiWaohJz+25qzza4=
=CBwR
-----END PGP SIGNATURE-----