-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 19 Jan 2005, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Wed, 19 Jan 2005 11:47:25 +0000, Shaun > Lipscombe <[EMAIL PROTECTED]> said: [snip] > shaun.lipscombe> Just search any keyserver for "Superman" and I'm sure > shaun.lipscombe> you'll find someone that claims to be Superman for > shaun.lipscombe> example. > > Claims it in what way? You mean as part of the real name or as part > of the email address? Either way, what stops anyone claiming the same > in the X.509/PKIX world? That's not the point either way, the point > is if you trust the claim, or if you trust someone who would trust > that claim. That kind of trust can be handled, both in the OpenPGP > world and the X.509/PKIX one.
"Claims it in what way?" is in fact an extremely important question. I have little doubt that someone could find a judge willing to allow him to change his legal name to "Superman". After that it would say "Superman" on his business cards, bank accounts, utility bills, etc. and it would be reasonable to say that "that person's name is Superman," or, "here, let me give you a copy of Superman's email certificate." None of that says anything about whether the individual in question is the comic-book hero, able to fly, crush charcoal into diamonds in his hand, reflect bullets with his unprotected flesh, a native of Krypton, etc. It's necessary to think about what "his name is Superman" means, and whether that meaning is of any use in determining the kind of identity you want to prove. The same is true of X.509 or OpenPGP certificates, or really any other identifier. It's always necessary to decide what it is you want to know, before accepting something as identification. - -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Open-source executable: $0.00. Source: $0.00 Control: priceless! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFB7qOps/NR4JuTKG8RAhbbAJ9qLXT7lvUg9/OyzIkeCkqHoa+PsACgiPGc C1TKEFXfny4Pqvg6mkBr01Y= =rFTN -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
