
Re: GPG Key Signing <Pine.LNX.4.30.0106291016180.5417-100000@tennyson.netexpress.net>

>>"Steve" == Steve Langasek <vorlon@netexpress.net> writes:

 >> Are you implying that ensuring the person whose identity you
 >> verified actually controls the email address and the secret pass
 >> phrase adds no value to the web of trust?

 Steve> Out of curiosity, under what circumstances do you foresee
 Steve> someone bringing a public key that has their name on it, and
 Steve> their photo ID, to a keysigning  party, when they don't have
 Steve> the private key that matches it?  I'm as puzzled 
 Steve> as Robbe wrt the problem this tries to solve.

	A) I have had this experience (they just wanted a signature,
	   but they were not very serious about pgp).
	B) Wrong question. If you only protect against something when
	   you know of an attack, you are unnecessarily vulnerable.

	When you see my signature on the key, it means that
  i) The owner had two forms of photo ID, or a passport and other
     possibly non-photo means of identification (of course, the
     identification documents may be forged)
 ii) They (or a close conspirator) actually control every ID that I
     have signed. 
iii) They (or a close conspirator) have control of the secret key
     corresponding to the signed IDs

	It is my belief that these assertions provide value.  The
 protocol ensures that I can assert so.

 Every nonzero finite dimensional inner product space has an
 orthonormal basis.  It makes sense, when you don't think about it.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
