Why CAs or public keysigning?
Wed Jun 18 18:12:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
> My problem is different: even WHEN I trust that they have =
> a person, I cannot be sure that they checked the person I =
> communicate with.
That's why keysignings are important. The more signatures that =
made, the closer everyone gets to each other.
> This problem occurs as soon as duplicate names are possible.
> A CA that convinces me to sign only completely (or very =
> unique UIDs (even unique for persons that are not yet =
> by the CA, otherwise I might send my secrets to the registered
> person, although I expected to send it to the unregistered =
> is OK, but most (OpenPGP-)CAs don't make such statements.
Unique UID's would be next to impossible to enforce regardless =
whether a CA is used or not.
I'm curious. How often do you need to send an encrypted message=
someone that you have never previously been in communication =
I only encrypt to those who have previously requested it, in =
case I already know what key they want me to use.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92
-----END PGP SIGNATURE-----