Why CAs or public keysigning?

Eugene Smiley eugene@esmiley.net
Wed Jun 18 18:12:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter wrote:
> My problem is different: even WHEN I trust that they have checked
> a person, I cannot be sure that they checked the person I want to
> communicate with.

That's why keysignings are important. The more signatures that are
made, the closer everyone gets to each other.

> This problem occurs as soon as duplicate names are possible.
>
> A CA that convinces me to sign only completely (or very likely)
> unique UIDs (even unique for persons that are not yet registered
> by the CA, otherwise I might send my secrets to the registered
> person, although I expected to send it to the unregistered one)
> is OK, but most (OpenPGP-)CAs don't make such statements.

Unique UIDs would be next to impossible to enforce regardless of
whether a CA is used or not.

I'm curious. How often do you need to send an encrypted message to
someone that you have never previously been in communication with?
I only encrypt to those who have previously requested it, in which
case I already know what key they want me to use.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+8I+r6QPtAqft/S8RAlFoAJ9pnTxRXqIEJgUIntBGXwcCreS31wCgyMEL
eN/VsfKqhxvEHoUv4AjgJUE=
=1Dok
-----END PGP SIGNATURE-----