>>>>> "Matthew" == Matthew Vernon <matthew@sel.cam.ac.uk> writes:
Matthew> Ralf Treinen writes:
>> On Mon, Apr 16, 2001 at 10:55:21PM +0200, Lenart Janos wrote:
>> > It's terrible what you people here call keysigning, and keysign
>> > checking. You are using --list-sigs and not --check-sigs, --list-sigs
>> > DOES NOT CHECK ANYTHING. And that other guy signs a UID that's
>> > invalid. So, if elmo rejects the application the applicant can be happy
>> > with having a signed @debian.org UID, I have no idea whatever it's good
>> > for by this time, but it's BAD anyway. The web of trust is piece of shit
>> > becouse of the 'I-don\'t-care' users of strong encryption systems.
Bullshit.
>> If I sign a key I confirm the fact that the person with the name on
>> the key has claimed to me that the key is his. IMHO my signature on
>> the key does not confirm that the person is owner of the mailbox.
>> Am I right?
Yes. I sign keys based on a check that the person listed as the key
owner (a person having a name and not being an email address) is in
fact that person. Based on official ID that I think I can trust, of
course (no exception, ever).
I do not check email addresses... they are *not* the person. And
email addresses don't have anything to do with trust.
Bye, J
--
Jürgen A. Erhard juergen.erhard@gmx.net phone: (GERMANY) 0721 27326
MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html
Electronic Frontier Foundation (http://www.eff.org)
Comes in two sizes: huge and Oh-My-God.
Attachment:
pgp_SxMzxvuO8.pgp
Description: PGP signature