martin f krafft wrote:
> also sprach Manoj Srivastava <[EMAIL PROTECTED]> [2007.05.31.1658 +0200]:
>> Why is that surprising? Trust is not given away by default; it
>> has to be earned.
>
> This is where we differ. I generally trust people until they abuse
> my trust. Call me naïv or anything, but it's been a good life so far
> on that track.
Otherwise, it will be difficult to have key signed.
When I give my passport to a DD, I really trust (and hope) that
he will not run away with my pass.
Anyway should I certify that you are our [EMAIL PROTECTED] or one
of the "martin f krafft" in the world?
I really see few people that check identity AND the email (people tend
to sign all key-identity of a key).
How to do this check in a reliable and completely secure way?
(I think that a man on the middle attack is always possible).
ciao
cate
PS: undecided about mass key signing party. I didn't participate, so
I cannot judge the reliability.
_______________________________________________
Debconf-discuss mailing list
[email protected]
http://lists.debconf.org/mailman/listinfo/debconf-discuss
