signing a robot's key - was: Re: Global Directory signatures
Mark H. Wood
mwood at IUPUI.Edu
Sat Jan 1 17:40:29 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 1 Jan 2005, Neil Williams wrote:
> But you cannot do that, you cannot prove to me that it is that key. There is
> no way that I can verify the key because I cannot verify the UID. As David
> said, it is trivial to create yet another PGP Global Directory Verification
> Key - how can you prove which one is 'real'? As it would be my own key,
> created under false pretences, I could introduce it to PGP GD and sign
> whatever I wanted with it.
So, looking up PGP Corporation in the phone book, calling their corporate
headquarters, and verifying the fingerprint with a person wouldn't help?
- --
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Open-source executable: $0.00. Source: $0.00 Control: priceless!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQFB1tKDs/NR4JuTKG8RAoqOAJ4puwcVldS5k2CMETCEht10TWeQagCfbEfK
IteOwkjbRZKqeFNoV72J5lQ=
=phYY
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list