>>>>> "Manoj" == Manoj Srivastava <srivasta@debian.org> writes:
Manoj> Email ID's have value. Some one comes up with, say, a
Manoj> First National Bank ID, and one trusts that ID, perhaps
Manoj> some informatiopn can be given out since the person works
Manoj> for the bank anyway. Except the person lied.
And how do you know that the person *still* controls the ID when you
send him/her something months after checking?[1]
You see value in email IDs... I don't, not in a keysigning context. I
see value in ensuring that the person controls the key, which means
that
+ stuff I sent to him/her encrypted can only be seen by that person.
+ stuff that is signed by that person is really from that person.
Nothing more, nothing less.
Bye, J
[1] Example: I have jae@ilk.de... which made one correspondent think I
worked for said ISP. Wrong. And then I'm also slowly decommissioning
it... but it will still be on my key, even though there might be
someone else behind it in the future.
PS: I'd rather get rid of the email part of GnuPG... and I'll probably
ask people to only sign the email-address-less uid on my key (I'
ids as they like, but don't rely on them).
--
Jürgen A. Erhard (juergen.erhard@gmx.net, jae@users.sourceforge.net)
My WebHome: http://members.tripod.com/Juergen_Erhard
Life's Better Without Braces (http://www.python.org)
"No matter how cynical I get, I can't keep up." -- Bruce Schneier
Attachment:
pgpkVXHiccgwU.pgp
Description: PGP signature