maillog: 19/01/2005-21:16:55(-0800): Brian Beattie types
> On Wed, 2005-01-19 at 21:11, Georgi Georgiev wrote:
> > So people are currently trusting the *name* of a person, but... What
> > happens if I show a proper ID but use fake e-mail addresses in my key?
> > Nobody told me how you verify e-mail addresses...
> >
> > So, if I had an anonymous uid in my key, how likely is someone to sign
> > it without meeting in person? I am not claiming to be Georgi Georgiev
> > with that uid, I only claim to be [EMAIL PROTECTED]
> >
> > To see what I mean -- gpg --refresh-keys [EMAIL PROTECTED] and verify the
> > signature of this message. The latest uid that I just created has no
> > name associated with it, so no need for an ID, right? I just need to
> > prove that [EMAIL PROTECTED] is my address, right?
>
> No I don't see, if I can produce an arbitrary message, signed by the
> key associated with an ID, be it email, Drivers License, Passport,
> fingerprint whatever, then I am that persona or I have stolen their key,
> or I have broken the algorithm. Stolen keys are a problem no matter
> what.

What's your point again? I am not sure how the problem with stolen keys
has anything to do with what I said. But then again, maybe what I said
had nothing to do with what you intended to say before that (and I
misunderstood you). Please elaborate.

-- 
)   Georgi Georgiev   ) Growing old isn't bad when you consider )
(  [EMAIL PROTECTED]  ( the alternatives. -- Maurice Chevalier  (
)  +81(90)6266-1163   )                                         )
