--===============1119818582==
Content-Type: multipart/signed;
  boundary="nextPart3300868.uevC4X7hel";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart3300868.uevC4X7hel
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Friday 19 January 2007 03:46, Boyan Tabakov wrote:
> The idea is to sign keys of people you know directly and who's public keys
> you can obtain in a secure way - e.g. the other person himself gave you t=
he
> fingerprint on a sheet of paper. That way you are 100% sure that the key
> belogs to him alone. If you choose to trust my key for example, how do you
> know that I am really someone called 'Boyan Tabakov'? I could have created
> a key stating that I am 'Ritchie Blackmore'. (Last time I mentioned Bill
> Gates here, but thought it would be too much for the guy:) ). If you do
> think you can trust my key, a good idea is to mark this with a local
> signature (one that cannot be exported). See gpg's manual on how to create
> local signatures.

I think there is a rarely stated middle ground.  For me, it especially usef=
ul=20
in mailing lists such as these.  If I decide over time that the list=20
subscriber who calls himself 'Boyan Tabakov' gives generally good advice, I=
=20
can be assured that that the message comes from this guy no matter what his=
=20
real name is.

PGP devotes generally dismiss this middle ground as not sufficiently positi=
ve. =20
PGP opponents generally can't understand why anyone would care about the=20
identity of list subscriber.  I am comfortable with this middle ground, as =
I=20
usually  don't really care what your real name is, as long as you are the=20
person I know as...

Admit it, even people you know face to face could be deceiving you about th=
eir=20
identity.  My local LUG asks people to bring driver's licenses to signing=20
parties, but for a modest price, I could get a drivers license with my=20
picture and address, but a dead person's name and license number.
=2D-=20

_____________________________________________________________
Art Alexion

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
Keyserver: hkp://subkeys.pgp.net
The attachment - signature.asc - is my electronic signature; no need for=20
alarm.  Info @=20
http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html
_____________________________________________________________

--nextPart3300868.uevC4X7hel
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iQCVAwUARbDJC0LG/oYII0YuAQLnZgQAvnqhtADH6ED38rG+Km+wwkKHEUsovZ7R
UfK90JGeJfOoIOyooAoAQdfY303O180KRLt4vQVjDWPCNuqv2BVOa+XBNZaYiDgv
0IBubcxWaXJiSIAxCvbYYB9aw4gneZdLb+bUhDvCeqP+QbSDmmw5zZwdYT8YTAuA
dFLdg0yR7rk=
=M6oj
-----END PGP SIGNATURE-----

--nextPart3300868.uevC4X7hel--

--===============1119818582==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
KDE PIM users mailing list
kdepim-users@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users

--===============1119818582==--