Why CAs or public keysigning?

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Thu Jun 19 16:06:12 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think you need to find the person before you start looking for his
key, not the other way around.

PGP is used to authenticate a person to a standard.  YOU must set that
standard.  Holding a key, with no standard to compare against it is not
beneficial.

To your question.  A general CA is useless.  An organization wide CA is
much more usefull since the standard of identification is set by the
organization for all involved.  The WoT is based on heresay, and as such
I wouldn't rely on it for any serious legally binding issues.



- --
Thank you,


CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+8cNPVbJM14DSCi0RAlbiAKDx0iyVA5FV2FE9wD+Jyc/2yub4twCfVg0G
OBsViXtow8pgBJsd3Iljvkg=
=P2W3
-----END PGP SIGNATURE-----