Re: PGP and verifying ids / emails (fwd)
On Tue, Jul 27, 1999 at 04:14:12PM -0500, Jor-el wrote:
> > You want someone to correspond with you regarding some serious things
> > without you letting him know your real name?
>
> 1. The developer in question _does_ know my real name.
>
> 2. If you are talking about someone who hasnt met me in real
> life, even assuming that I use my "Bob Smith" id, how in heavens name will
> they know that it is my real name? They have to trust the fact that there
> was a trusted someone who verified that a "real" me owns the id in
> question. This would be true even for the Jor-el id.
>
> 3. As I pointed out in my email, if the developer in question
> wasnt sure that the email id of Jor-el belonged to me, then he wouldnt be
> able to sign the following id too : "Bob Smith" <jorel@ibm.net>. This is
> so ridiculous, becuase it is perfectly valid for a person named Bob Smith
> to own an id called jorel@ibm.net .
>
> Am I missing something?
Someone else with experience in PGP keys handling will answer this
question, I can't. I have a PGP key, but nobody has yet signed it.
FWIW I don't feel that having this and that encyrpted/signed/authenticated
is important. I also think that people should put their full name in the
From: field of e-mail messages they send, and changelog entries of the
packages they upload. But that's just my opinion.
> > BTW, isn't "Jor-el" a Star Wars character?
>
> PS. Not Star Wars but Superman. Jor-el was the father of Kal-el (aka
> Superman).
Oh... I must have missed that episode ;)
--
enJoy -*/\*- don't even try to pronounce my first name
Reply to: