|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] confirming my identity
|
On 07/11, Dave Turner wrote:
> Because you encrypted the message using his public key, and you brought
> with you the fingerprint of the key you encrypted with. So, the person
> you meet at the meeting has the same keys as the person who has the
> e-mail address.
You're both right.
Dave, if someone created a key with the email address
darxus@chaosreigns.com, and was intercepting email to
darxus@chaosreigns.com, and you authenticated my identity by sending
a password to darxus@chaosreigns.com, and requiring it at an in-person
keysigning, you would, in fact, be verifying that the person was recieving
email as darxus@chaosreigns.com.
But as Jeff said, that might not be me.
Perhaps the combination of the password, and the fact that numerous
people present at the plug meeting / keysigning can tell you that I am
the one and only darxus@chaosreigns.com (and have signed my key attesting
to that fact), is enough.
And I have a feeling that intercepting email is probably no more likely
than forging photo ID for this.
It is a fun mental exercise. These thoughts have all crossed my mind
before.
--
http://www.ChaosReigns.com
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|