Re: Keysigning without physically meeting ... thoughts?

On Sun, Jun 12, 2005 at 07:49:51AM +0100, Andrew Suffield wrote:
> On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote:
> > > What are we setting out to achieve?
> > 
> > - To verify that the person so identified controls a specific email address

> What does 'control' mean here? Given this:

> > Many people consider all of options a), b), and c) to be inappropriate, and
> > will instead encrypt each of the uid signatures individually and mail them
> > to the corresponding email address, to verify that you control each address.

> I presume that you just mean 'is capable of receiving mail sent to the
> address', but that is anybody at all with an internet connection and a
> copy of woody, which contains all you need to capture other people's
> mail. I'm not sure why you're bothering to verify that the person so
> identified falls into this group.

Yes, and might I say, your personal email is particularly juicy.

Oh -- or did you mean to say anybody at all with an Internet connection, a
copy of woody, and *access to one of the networks/hosts in the path of travel
of the email*?

> Mail delivery is nothing remotely resembling secure. That's why we
> need keys in the first place (and all you people waving smtp-tls
> around, go back and think about how useful that's going to be without
> signing keys).

This is an argument that there is no such thing as perfect security.  I'm
not stupid enough to have made any such claim, but thank you for reminding
us all that you *think* most DDs are stupid enough to believe in such

Verifying that the signee has control over the email address is exactly that
-- that's why I didn't say that it was verifying who *owned* the email
address. Knowing this may be of limited value, but that doesn't mean it's
not worth doing.

Steve Langasek
postmodern programmer
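
The per-address mailing described in the quoted text above, as an added example that is not part of the original message or of any keysigning tool: it reads a key's UIDs from a `gpg --with-colons` listing and builds one message per UID, addressed only to the address that UID names. The function names, the sample listing and the placeholder payload are constructed for illustration; producing the encrypted single-UID signature with gpg is assumed to happen separately.

```python
import re
from email.message import EmailMessage

# Constructed `gpg --with-colons --list-keys` output; not a real key.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAABBBBCCCCDDDD:1118500000:::u:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCCDDDD:
uid:u::::1118500000::H1::Alice Example <alice@example.org>:
uid:r::::1118500000::H2::Alice Example <old@example.net>:
uid:u::::1118500000::H3::Alice Example (work\\x3a dev) <alice@corp.example>:
uid:u::::1118500000::H4::Alice Example:
"""

def unescape(field):
    # Field 10 is C-style escaped: a literal ':' is written as \x3a.
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def plan_challenges(listing):
    """Return (fingerprint, uid, address) for every UID worth mailing."""
    fpr, plan = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "fpr" and fpr is None:      # first fpr record = primary key
            fpr = f[9]
        elif f[0] == "uid" and f[1] not in ("r", "e"):  # skip revoked/expired
            uid = unescape(f[9])
            m = re.search(r"<([^<>@\s]+@[^<>@\s]+)>\s*$", uid)
            if m:                              # no address, nothing to check
                plan.append((fpr, uid, m.group(1)))
    return plan

def build_mail(signer, fpr, uid, addr, encrypted_sig):
    """One message per UID, addressed only to the address that UID names."""
    msg = EmailMessage()
    msg["From"], msg["To"] = signer, addr
    msg["Subject"] = f"Signature on one UID of key {fpr[-16:]}"
    msg.set_content(f"Attached: my signature on {uid!r} only, encrypted to {fpr}.")
    msg.add_attachment(encrypted_sig, maintype="application",
                       subtype="octet-stream", filename=f"{fpr[-16:]}.asc.gpg")
    return msg

if __name__ == "__main__":
    for fpr, uid, addr in plan_challenges(SAMPLE_LISTING):
        # Placeholder bytes: the real payload is gpg's output for this one UID.
        mail = build_mail("signer@example.com", fpr, uid, addr, b"<ciphertext>")
        print(mail["To"], "<-", uid)
```

A signature sent this way becomes usable only to someone who can both read mail at that address and decrypt with the key being signed.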

