Why CAs or public keysigning?

David Shaw dshaw@jabberwocky.com
Wed Jun 18 18:53:02 2003


On Wed, Jun 18, 2003 at 12:22:25PM -0400, Dennis Lambe Jr. wrote:
> On Wed, 2003-06-18 at 11:08, Peter L. Smilde wrote:
> > My problem is different: even WHEN I trust that they have checked a
> > person, I cannot be sure that they checked the person I want to
> > communicate with. This problem occurs as soon as duplicate names are
> > possible.
>
> Without the WoT, I could be anyone.  With the WoT, I could be anyone
> named Dennis Lambe Jr.  The WoT does not completely eliminate the
> problem of misrepresentation, but it makes it millions of times less
> likely.

It's even better than that: you're not just anyone named Dennis Lambe
Jr - you're anyone named Dennis Lambe Jr with a particular email
address.  Including an email address (with few exceptions like
shared or role accounts) very effectively eliminates nearly all
possible name duplications.

It is true that many signers do not take the time to verify an email
address when signing.  This is unfortunate.

David
