On Thu, 21 Sep 2017 21:11:17 +0200, Ralph Seichter wrote: > On 21.09.17 20:49, Stefan Claas wrote: > > > How could customers, not pros like all you guys here on the list, > > could verify that we both are the persons the keys/signatures are > > claiming? > > Legal identification is required. Since you are German, you can use > https://www.heise.de/security/dienste/Wie-kann-ich-mitmachen-474837.html > as a reference for how this can be done.
Hi Ralph, i am well aware of Heise's CA, because an old pub key of mine bears a sig3 from them. The thing is someone could issue a fake sig3 from Heise's CA key to someone else's pub key, without that that customers would detect it, nor Heise would know it, until of course they would see the keys in question. I don't know if CA's here in Germany scan key servers for their issued signatures. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users