>>>>> "Matthew" == Matthew Vernon <matthew@sel.cam.ac.uk> writes: Matthew> Ralf Treinen writes: >> On Mon, Apr 16, 2001 at 10:55:21PM +0200, Lenart Janos wrote: >> > It's terrible what you people here call keysigning, and keysign >> > checking. You are using --list-sigs and not --check-sigs, --list-sigs >> > DOES NOT CHECK ANYTHING. And that other guy signs a UID that's >> > invalid. So, if elmo rejects the application the applicant can be happy >> > with having a signed @debian.org UID, I have no idea whatever it's good >> > for by this time, but it's BAD anyway. The web of trust is piece of shit >> > becouse of the 'I-don\'t-care' users of strong encryption systems. Bullshit. >> If I sign a key I confirm the fact that the person with the name on >> the key has claimed to me that the key is his. IMHO my signature on >> the key does not confirm that the person is owner of the mailbox. >> Am I right? Yes. I sign keys based on a check that the person listed as the key owner (a person having a name and not being an email address) is in fact that person. Based on official ID that I think I can trust, of course (no exception, ever). I do not check email addresses... they are *not* the person. And email addresses don't have anything to do with trust. Bye, J -- Jürgen A. Erhard juergen.erhard@gmx.net phone: (GERMANY) 0721 27326 MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html Electronic Frontier Foundation (http://www.eff.org) Comes in two sizes: huge and Oh-My-God.
Attachment:
pgp_SxMzxvuO8.pgp
Description: PGP signature