On 2005-05-31 at 22:58:59 Kevin Coates wrote:

> In many cases we don't know if the name behind the message is real.
> Notarized digital certificates from Thawte or CAcert contain the
> user's name. Because identity credentials are checked, we are assured
> that the identity behind the name/address is the real person.

This entirely depends on whether you trust the CA or not. And even if you trust them, they might be extremely sloppy when checking those credentials. (I have some personal experience with sloppy certificate vendors, but YMMV of course. :)

> On the GPG/PGP side the same can be said for those verified by the
> Gossamer Web of Trust (GSWoT). In these instances we can be assured
> the name is real.

The same caveat applies to any web of trust. I know many people who only give any GPG/PGP key full trust when they receive it in physical form (i.e. on a floppy, USB stick, or even a piece of paper!) from the owner of the key. You can call this paranoia, but the verification of keys is actually one of the very few weak points of public key cryptography...
________________________________________________________
Current beta is 3.5.24 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first -
http://www.ritlabs.com/en/partners/testers/

