On Thu, May 31, 2007 at 05:51:22PM +0200, Giacomo A. Catenazzi wrote:
> I really see few people that check identity AND the email (people tend
> to sign all key-identity of a key).
That's wrong.
> How to do this check in a reliable and completely secure way?
> (I think that a man-in-the-middle attack is always possible).
Send an encrypted mail to the email address that contains the signature
*for that address only*. The 'caff' script in the signing-party package
will automate this for you.
--
Shaw's Principle:
Build a system that even a fool can use, and only a fool will
want to use it.
_______________________________________________
Debconf-discuss mailing list
http://lists.debconf.org/mailman/listinfo/debconf-discuss
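
The planning step behind "the signature *for that address only*", as an added example (not part of the original mail and not caff's own code): it reads a key listing in GnuPG's `--with-colons` format and decides, per user ID, which single address should receive that user ID's signature. The sample listing is constructed, the function names are hypothetical, and the signing, encrypting and mailing themselves are not performed here.

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
SAMPLE = "\n".join([
    r"pub:f:1024:17:0123456789ABCDEF:1100000000:::-:::scESC:",
    r"uid:f::::1100000000::AAAA::Alice Example <alice@example.org>:",
    r"uid:f::::1100000001::BBBB::Alice (work\x3a ops) <alice@work.example>:",
    r"uid:r::::1100000002::CCCC::Alice Example <old@example.net>:",
    r"uid:f::::1100000003::DDDD::Alice Example:",
    r"uat:f::::1100000004::EEEE::1 3000:",
    r"sub:f:2048:16:FEDCBA9876543210:1100000000::::::e:",
])

ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")

def unescape(field):
    """Undo the \\xNN escaping GnuPG applies to ':' and control bytes."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)

def per_uid_deliveries(colon_listing):
    """Return (plan, skipped).

    plan    -- [(keyid, uid, address)]: one mail per usable user ID; each mail
               would carry only the signature on that user ID, encrypted to
               the key, so only someone who both reads that mailbox and holds
               the private key can obtain it.
    skipped -- [(uid, reason)] for user IDs that get no mail.
    """
    keyid, plan, skipped = None, [], []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keyid = f[4]                      # field 5: key ID
        elif f[0] == "uid" and len(f) > 9:
            uid = unescape(f[9])              # field 10: user ID string
            match = ADDR.search(uid)
            if f[1] in ("r", "e"):            # field 2: revoked / expired
                skipped.append((uid, "revoked or expired"))
            elif not match:
                skipped.append((uid, "no e-mail address"))
            else:
                plan.append((keyid, uid, match.group(1)))
    return plan, skipped

if __name__ == "__main__":
    plan, skipped = per_uid_deliveries(SAMPLE)
    for keyid, uid, addr in plan:
        print(f"{keyid}: signature on {uid!r} -> encrypted mail to {addr}")
    for uid, why in skipped:
        print(f"skipped {uid!r}: {why}")
```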