Darxus on Tue, 23 Apr 2002 23:10:14 +0200

On 04/23, Noah silva wrote:
> a.) If I sign the message every time, and you verify the signature, you
> can be sure that it is at least the same person sending the email every
> time, even if you don't believe my name is really "noah silva".

I don't even look at, let alone memorize, your key ID, so no, I don't know all of your posts are signed with the same key. And if someone were to start posting with a different key with the same name, I would think you decided to generate a new key, not that someone else is trying to impersonate you.

> also: I could show up to PLUG with a fake ID and get you all to sign my
> public key as "Robert R DiCicco". Just like my employer's building

Yeah, verifying identities can be tricky. I know I read of at least one keysigning party that required 2 forms of photo ID. I consider PLUG keysignings a forum for people to verify each other's identities and fingerprints as they see fit, and give suggestions on how to do so. As our keysignings get bigger and less personal (and I'm less likely to know the participants) I have been considering requiring people to exchange encrypted passwords with me before I sign their key, and I think I'm going to start doing that.

--
"You shall know the truth, and it shall make you odd."
-- Flannery O'Connor
http://www.ChaosReigns.com