On Monday, Mar 24, 2003, at 22:32 US/Eastern, bear wrote:
On Mon, 24 Mar 2003, Jeroen C. van Gelderen wrote:
It's rather efficient if you want to sign a large number of keys of people you mostly do not know personally.
Right, but remember that knowing people personally was supposed to be part of the point of vouching for their identity to others.
Not that I heard of. I always understood that I should be 'convinced' of the identity and willing to state that to others.
Knowing someone personally is very nice and gives you rather a lot of assurance that their identity is being used consistently and that others know the person by the same identity. (It is for precisely that reason that I have signed a few keys for people who use an alias.)
Sometimes however you have the choice between a 'weaker' form of certification and no certification at all. I prefer the former because it increases the chances of the WoT being useful. Key signing parties' reliance on passports are a case in point. In general passports are a reasonable indication of identity.
"I know this guy. We spent a couple years working on X together." is different in kind from "I met this guy once in my life, and he had a driver license that said his name was mike."
Yes. But PGP doesn't mandate either interpretation. That is what you use your trust knobs for: you decide on a per-user basis how trustworthy an identity certification from that user is. The redundancy of a well-connected WoT then helps you a bit in eliminating simple errors.
Cheers, Jeroen -- Jeroen C. van Gelderen - [EMAIL PROTECTED]
The python
has, and I fib no fibs,
318 pairs of ribs.
In stating this I place reliance
On a séance with one who died for science.
This figure is sworn to and attested;
He counted them while being digested.
-- Ogden Nash
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
