Why CAs or public keysigning?
J Irving
j@erf.sh
Wed Jun 18 21:38:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
2003.06.18 @ 12:36 -0700
* "Juan F. Codagnone" <juam@arnet.com.ar> [2003.06.18 16:16 -0300]:
> On Wednesday 18 June 2003 13:44, Kyle Hasselbacher wrote:
> ...
> > Do I understand this correctly? The situation you're talking about is:
> >
> > - I want to communicate with Peter Smilde (e.g.)
> > - I get a key that says "Peter Smilde" on it.
> > - It's signed by someone I trust (e.g., a CA)
> > - The key belongs to a REAL Peter Smilde who is NOT the one I intend.
> > - The problem is...
> > - I send this stranger private info meant for the intended Peter Smilde.
> > - A message meant for the intended Peter Smilde fails to get there.
>
> aka WoT used as the white pages :)
Also, it's because the Web of Trust is a protocol for "Web" which
never defines "Trust." This isn't particular to the WoT btw,
it's endemic to information security.
/me ducks
- --
I must review my disbelief in angels.
-----BEGIN PGP SIGNATURE-----
iD8DBQE+8L+3UMt2z+iZNdMRAtRyAJ483usADawdWGtKmgFTQ1xtmHBJWgCfRoXS
0VVfwNgwJT3uGcdDVe+9Tk0=
=u3o0
-----END PGP SIGNATURE-----