Maybe I misunderstood you (middle of the night here), but isn't that a problem? Evil guy gets fake cert, trusts you with his cert, you get trusted, you sign his cert, the fake cert gets trusted?
The trust programme only interacts with the certificate process as far as identifying them in the first place; evil guy would have to get 3 people to trust him, ID checks etc., although judging by the following article, photo ID documents can be just as useless...
http://smh.com.au/articles/2004/04/13/1081621954002.html
--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
