The disadvantages of online KSP
Florian Weimer
fw at deneb.enyo.de
Sat Dec 25 22:10:37 CET 2004
* Ben Branders:
> Yes, of course. But even if you do meet them in real life, how can you
> ever be sure? If, for example, someone uses a nickname for his e-mail address
> and his key, how can you check if he really 'owns' that nickname?
You don't sign such things. It's a simple matter of policy. You only
mark keys as trusted if you the key holder follows the same policy.
> How does OpenPGP take care of that? Or am I forgetting something in my
> little story here?
It doesn't. OpenPGP only specifies a transport format, and hardly any
semantics. Implementations enforce some semantics (and sometimes,
they disagree), others are a matter of the policy the users choose to
follow. This is both the strength and weakness of OpenPGP, compared
to X.509.