Why CAs or public keysigning?

Ty C. Mixon tymanthius@usa.net
Fri Jun 20 21:33:02 2003


--=-svZHFjxO2Ele7p8N6iu1
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi group!  I've been lurking a while.

On Fri, 2003-06-20 at 14:01, David Shaw wrote:

[snip]


> As I said, then, in your case signature levels don't help you much.
>=20
> > Anything less than absolute security is absolute insecurity.
>=20
> Not at all true.
>=20
> David

I have to agree with David here.  The first thing you learn about
security is it's a myth.  The only way to keep a secret is to never tell
it, that kind of thing.  Second, you can know that I trust person A with
some things (company info for instance), but I sure as hell wouldn't
trust them if I was having an affair.

So by Gilbert's definition, person A is completely insecure for
information storage. =20

And don't try to tell me it's not the same thing b/c from what I've been
reading, this is all about WHO you can trust, not about the technology
of security.  If I'm wrong on that then my whole argument goes out the
window.


> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3rc1 (GNU/Linux)
> Comment: Key available at http://www.jabberwocky.com/david/keys.asc
>=20
> iD8DBQE+81n54mZch0nhy8kRAlhhAKCMVqAXB9s7c2XR0hLbyJQqqpnITwCeODkW
> sEKbkdbYY00P/qXTh/Tg1YY=3D
> =3DVzA1
> -----END PGP SIGNATURE-----
>=20
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>=20

--=-svZHFjxO2Ele7p8N6iu1
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQA+82Gnkt3DZa1v/9ARAkUMAJ92X70BASkfIMxYtXljN+O5nnuozgCfX2DT
GkU6oLSQr+OdAFLphGhfCL0=
=0sWV
-----END PGP SIGNATURE-----

--=-svZHFjxO2Ele7p8N6iu1--