On 12 August 2013 18:16, Adam Bolte <[email protected]> wrote:
> This is a really good point. I'm not sure which side of the fence is > best, but I feel that we should quickly discuss this point on > Thursday if time permits. > Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does. So I could get people to sign my key as: Brian May <[email protected]> It matches my passport. It looks right. It must be ok, right? The fact this email address may not be valid doesn't matter (and is probably better that way). I now can impersonate Brian May[2], and ensure he gets blamed for all my evil doings. Just as he could have a certificate signed with my email address, and pretend to be me. Sure, he won't get the emails, but can still do a lot of damage. [1] Almost always anyway. Sometimes email addresses can be reassigned however (IIRC Yahoo or somebody was doing this). [2] hint: http://www.brianmay.com/ - it isn't me! -- Brian May <[email protected]> _______________________________________________ Free-software-melb mailing list [email protected] http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
