Why CAs or public keysigning?
Wed Jun 18 21:38:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
2003.06.18 @ 12:36 -0700
* "Juan F. Codagnone" <email@example.com> [2003.06.18 16:16 -0300]:
> On Wednesday 18 June 2003 13:44, Kyle Hasselbacher wrote:
> > Do I understand this correctly? The situation you're talking about is:
> > - I want to communicate with Peter Smilde (e.g.)
> > - I get a key that says "Peter Smilde" on it.
> > - It's signed by someone I trust (e.g., a CA)
> > - The key belongs to a REAL Peter Smilde who is NOT the one I intend.
> > - The problem is...
> > - I send this stranger private info meant for the intended Peter Smilde.
> > - A message meant for the intended Peter Smilde fails to get there.
> aka WoT used as the white pages :)
Also, it's because the Web of Trust is a protocol for "Web" which
never defines "Trust." This isn't particular to the WoT btw,
it's endemic to information security.
I must review my disbelief in angels.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----