trust your corporation for keyowner identification?

[Stan Tobias]

"Paul R. Ramer" <free10pro at gmail.com> wrote:
> Stan Tobias <sttob at privatdemail.net> wrote:
> >Yes, but by remote communication.  The reasoning goes like this: The
> >signature is validated by my certificate (or, in case 2a, by my
> >friends'
> >whom I trust fully).  The message is authenticated by X's valid
> >signature,
> >therefore the message has not been tampered with and its author is X.
> >X says he uses a new key K2.  Because I've got this message from X,
> >I have verified the ownership of K2, so I can sign it.
>
> Sorry, but this is wrong. The certificate of the first key is valid,
> the signature of the message is valid, but your correspondent's claim
> to ownership of the second key is not yet proven. While you know that
> whoever has control of the first key sent you that message, you have
> not confirmed that he can decrypt and sign with the second key.

This is a "technicality" that can be fixed by sending and an encrypted
unknown message and awaiting a decrypted version, just as you've described
elsewhere.  I haven't tried to cover every minute detail of verification,
my general idea is to replace direct contact with electronic signed
messages, after having properly initialized the exchange (verified, etc.).
The question is: do signatures supply an authenticated channel which
can serve instead of physical contact, or not?  For me, at this point,
the question is still open.

I've been reading subsequent discussion, I think Leo Gaspard has made a
few excellent points.  I have nothing significant to add here.  I have
one question, though.

My understanding is that e-mail verification by sending encrypted message
is part of identity verification (it defends against petty fraud, but
that's the least we can do).  Why is it important to verify the owner
can _decrypt_ a message?  Can you sketch a problem this verification
defends against?

Stan Tobias