How do you know someone is who they say they are?

[Christopher Nehren]

--=-JKXwbwxFD1F+EAcWAguF
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Assume that foo creates a key pair and exports it to a keyserver. Assume
also that bar, in an attempt to impersonate foo, creates a user on their
system with identical GECOS information. How would I verify that bar's
key is in fact forged, and further that foo isn't trying to impersonate
bar, and so forth?

--=-JKXwbwxFD1F+EAcWAguF
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQA+deLVUdqurN0fljsRAmM9AKDCPOWnoA5lqWNaxdCNX9zznPrGiQCghUJy
8RrhtoIf95kEpbLS5qEuK0s=
=ie/t
-----END PGP SIGNATURE-----

--=-JKXwbwxFD1F+EAcWAguF--