Why CAs or public keysigning?
Wed Jun 18 18:53:02 2003
Content-Type: text/plain; charset=us-ascii
On Wed, Jun 18, 2003 at 12:22:25PM -0400, Dennis Lambe Jr. wrote:
> On Wed, 2003-06-18 at 11:08, Peter L. Smilde wrote:
> > My problem is different: even WHEN I trust that they have checked a
> > person, I cannot be sure that they checked the person I want to
> > communicate with. This problem occurs as soon as duplicate names are
> > possible.
> Without the WoT, I could be anyone. With the WoT, I could be anyone
> named Dennis Lambe Jr. The WoT does not completely eliminate the
> problem of misrepresentation, but it makes it millions of times less
It's even better than that: you're not just anyone named Dennis Lambe
Jr - you're anyone named Dennis Lambe Jr with a particular email
address. Including an email addresses (with few exceptions like
shared or role accounts) very effectively elimiates nearly all
possible name duplications.
It is true that many signers do not take the time to verify an email
address when signing. This is unfortunate.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----