Re: GPG USAGE HOWTO 1 (was: Re: AM report on Thierry Bourrillon)
On Tue, Apr 17, 2001 at 09:20:40AM +0200, Peter Palfrader wrote:
> You miss the point, imagine the following situation:
>
> We meet, I show you my ID and give you the fingerprint.
> My key has two IDs:
> Peter Palfrader <weasel@debian.org>
> Peter Palfrader <sirpeter@gmx.net>
>
> You sign both and send the key to my primary address or upload it to the
> keyserver.
>
> Congratulations, you have just allowed me to impersonate Peter Palfrader
> <sirpeter@gmx.net>, who happens to be an all together different Peter
> Palfrader than me.
If I only signed the first one you enter the web of trust, and
hence can sign yourself the other one.
-Ralf.
Reply to: