key-signing for pseudonyms

Thomas Sjögren thomas at northernsecurity.net
Mon May 17 16:50:13 CEST 2004


On Sun, May 16, 2004 at 06:35:18PM -0400, Atom 'Smasher' wrote:
> so, if i'm at a conference and i want to exchange key signatures with
> people, i can prove that i currently control this email address and key by
> sending some secrets back and forth.... not a problem... but if i want to
> "prove" that i'm atom smasher...?? that could be tough....

maybe the only solution is then to try to organize a physical web of
trust; i know X, X knows Y, Y knows Z, Z knows you. but i guess you have
to believe the "six degrees of separation"-theory for that to work.

> and the weird thing is that the key-signing how-to guides go into detail
> about verifying the fingerprint and name... that's only 2/3 of identifying
> a key! in my situation, i can easily confirm 2/3 (email and fingerprint),
> but it's not the 2/3 that most people are trained to look for.

imho the 2/3 you have as an example (email and fingerprint) isn't as
valuable as the 2/3 most people check (id and fingerprint). primarily
because an email isn't usually printed on a government issued photo-id.

/Thomas
-- 
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--