How do you know someone is who they say they are?
Mon Mar 17 15:58:01 2003
Assume that foo creates a key pair and exports it to a keyserver. Assume
also that bar, in an attempt to impersonate foo, creates a user on their
system with identical GECOS information. How would I verify that bar's
key is in fact forged, and further that foo isn't trying to impersonate
bar, and so forth?
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----