--On onsdag, juni 04, 2003 14:16:50 +0200 Alexandru Petrescu <[EMAIL PROTECTED]> wrote:
Harald Tveit Alvestrand wrote:nope. we have had a lot of PGP key signing parties at IETFs, but nothing "official".
I see, I might want to attend.
From what I've read, keys (or fingerprints?) were read aloud.
I generally use wwwkeys.eu.pgp.net when I look for keys, but there's nothing very magical about that.
I see. So your trust basically relies on the integrity of that particular server.
not at all. Trust depends on the signatures of the key; I only use the keyserver to look for keys I don't have on hand.
Did you store the key securely on the keyserver?
Why should I? It's signed, so it's either there or not there - you can't fake it, just remove it.
Can't I just create a public key with the Harald's name and email address and then post to this list claiming I'm Harald?
yes, you can. And after all, your real name might be Harald, so I shouldn't have a way to stop you from doing that.
However, those who care about whether it's me or you posting will look at who signed it - that's why my key block is so huge; it's got all these signatures dangling from it....
I know - signing messages that will be damaged in transit is a VERY hard problem....
(And sometimes I wish the keyservers WOULD drop some keys - there's an old key of mine out there that I don't use any more....)
Sure, they should.
Which keyserver? Which port? The particular network I connect to is blocking most ports, so I can't retrieve your public key.
It's attached below, too. Anything to increase the Kbytes-posting-stats :�
Thank you, I imported it, but the signature of previous messages didn't verify, sorry.
