On Wed, 2005-01-19 at 21:11, Georgi Georgiev wrote:
> maillog: 19/01/2005-20:37:29(-0800): Brian Beattie types
> >
> > Well I still don't see why I need to link my e-persona to some
> > meat-space persona. It may give others some sense of security, but I
> > feel it is illusory. Besides I only have one form of Id that I am
> > willing to display and I don't get paid to attend conferences.
>
> So people are currently trusting the *name* of a person, but... What
> happens if I show a proper ID but use fake e-mail addresses in my key?
> Nobody told me how you verify e-mail addresses...
>
> So, if I had an anonymous uid in my key, how likely is someone to sign
> it without meeting in person? I am not claiming to be Georgi Georgiev
> with that uid, I only claim to be [EMAIL PROTECTED]
>
> To see what I mean -- gpg --refresh-keys [EMAIL PROTECTED] and verify the
> signature of this message. The latest uid that I just created has no
> name associated with it, so no need for an ID, right? I just need to
> prove that [EMAIL PROTECTED] is my address, right?

No, I don't see. If I can produce an arbitrary message, signed by the key
associated with an ID, be it email, Drivers License, Passport, fingerprint,
whatever, then I am that persona or I have stolen their key, or I have
broken the algorithm. Stolen keys are a problem no matter what.

-- 
Brian Beattie LFS12947 | "Honor isn't about making the right choices.
[EMAIL PROTECTED]      | It's about dealing with the consequences."
www.beattie-home.net   | -- Midori Koto
