On Wed, 2005-01-19 at 21:16, Brian Beattie wrote: > On Wed, 2005-01-19 at 21:11, Georgi Georgiev wrote: > > maillog: 19/01/2005-20:37:29(-0800): Brian Beattie types > > > > > > Well I still don't see why I need to link my e-persona to some > > > meat-space persona. It may give others some sense of security, but I > > > feel it is illusory. Besides I only have one form of Id that I am > > > willing to display and I don't get paid to attend conferences. > > > > So people are currently trusting the *name* of a person, but... What > > happens if I show a proper ID but use fake e-mail addresses in my key? > > Nobody told me how you verify e-mail addresses... > > > > So, if I had an anonymous uid in my key, how likely is someone to sign > > it without meeting in person? I am not claiming to be Georgi Georgiev > > with that uid, I only claim to be [EMAIL PROTECTED] > > > > To see what I mean -- gpg --refresh-keys [EMAIL PROTECTED] and verify the > > signature of this message. The latest uid that I just created has no > > name associated with it, so no need for an ID, right? I just need to > > prove that [EMAIL PROTECTED] is my address, right? > > No I don't see, if I can produce an arbitrariy message, signed by the > key associated with an ID, be it email, Drivers License, Passport, > fingerprint whatever, than I am that persona or I have stolen their key, > or I have broken the algorithim. Stolen keys are a problem nomatter > what.
I probably missed part of your point, so let me add a few things, first, do you know how easy it is to get a fake ID? Secondly, when I have been dealing with [EMAIL PROTECTED] for years, exchanging email and code, how much to I care if the name on their birth certificate is Georgi Georgiev or Frank N Stein, or Judy Garland. The person I know is [EMAIL PROTECTED], not Georgi Georgiev. -- Brian Beattie LFS12947 | "Honor isn't about making the right choices. [EMAIL PROTECTED] | It's about dealing with the consequences." www.beattie-home.net | -- Midori Koto -- [email protected] mailing list
