signing a robot's key - was: Re: Global Directory signatures

Johan Wevers johanw at vulcan.xs4all.nl
Sun Jan 2 20:09:13 CET 2005


Neil Williams wrote:

>It's still about trusting an individual - if you don't meet, you will never 
>know if it's actually the right person.

Well, if you do meet, how do you know? Asking for a passport and driving
license? They can be more easily falsified than pgp signatures. In fact,
in Romania an entire industry is aimed at that.

The point is, if you don't know someone personally for a long time, identity
information can be falsified. If you want to sign someones key based on
paper ID's, I don't see why that would be more secure than looking up a
company name in the phonebook and call them.

>I would hope that everyone would be willing to trust my key and keys that I 
>have signed on this basis: Verify me and have confidence that the keys that I 
>have signed are known to have been good at the time of signing.

If it comes at really important situations where my life might be at stake,
I don't see why I would trust anyone I have not met personally.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html



More information about the Gnupg-users mailing list