Why CAs or public keysigning?

David Shaw dshaw@jabberwocky.com
Wed Jun 18 18:53:02 2003

On Wed, Jun 18, 2003 at 12:22:25PM -0400, Dennis Lambe Jr. wrote:
> On Wed, 2003-06-18 at 11:08, Peter L. Smilde wrote:
> > My problem is different: even WHEN I trust that they have checked a
> > person, I cannot be sure that they checked the person I want to
> > communicate with. This problem occurs as soon as duplicate names are
> > possible.
> Without the WoT, I could be anyone.  With the WoT, I could be anyone
> named Dennis Lambe Jr.  The WoT does not completely eliminate the
> problem of misrepresentation, but it makes it millions of times less
> likely.

It's even better than that: you're not just anyone named Dennis Lambe
Jr - you're anyone named Dennis Lambe Jr with a particular email
address.  Including an email address (with few exceptions like
shared or role accounts) very effectively eliminates nearly all
possible name duplications.

It is true that many signers do not take the time to verify an email
address when signing.  This is unfortunate.

