playing with cryptography...

Graham Murray graham at gmurray.org.uk
Fri May 23 14:20:55 CEST 2008


"Hardeep Singh" <hs2412 at gmail.com> writes:

> There is nothing that can prove who you say you are. State provided ID
> cards only prove that you were able to convince the system that you
> have a specific name.

For individuals I think that too much importance is placed on identity
based on name. For companies it is different, it is useful to know that
the email/web site etc that purports to be from example.com is actually
from the company Example Ltd. For individuals, it is much more useful to
treat the certificate/gpg key as identity so that it can be said (as
long as the sender is careful with not allowing others access to the
private key) that the email signed by John Doe's key/certificate is from
the same person calling himself John Doe that you have previously
received email. 



More information about the Gnupg-users mailing list