[prev in list] [next in list] [prev in thread] [next in thread]
List: kdepim-users
Subject: Re: [kdepim-users] Boyan Tabakov turned Green ! (PGP KGpg topic)
From: Art Alexion <art.alexion () verizon ! net>
Date: 2007-01-19 13:34:35
Message-ID: 200701190835.08148.art.alexion () verizon ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Friday 19 January 2007 03:46, Boyan Tabakov wrote:
> The idea is to sign keys of people you know directly and who's public keys
> you can obtain in a secure way - e.g. the other person himself gave you the
> fingerprint on a sheet of paper. That way you are 100% sure that the key
> belogs to him alone. If you choose to trust my key for example, how do you
> know that I am really someone called 'Boyan Tabakov'? I could have created
> a key stating that I am 'Ritchie Blackmore'. (Last time I mentioned Bill
> Gates here, but thought it would be too much for the guy:) ). If you do
> think you can trust my key, a good idea is to mark this with a local
> signature (one that cannot be exported). See gpg's manual on how to create
> local signatures.
I think there is a rarely stated middle ground. For me, it especially useful
in mailing lists such as these. If I decide over time that the list
subscriber who calls himself 'Boyan Tabakov' gives generally good advice, I
can be assured that that the message comes from this guy no matter what his
real name is.
PGP devotes generally dismiss this middle ground as not sufficiently positive.
PGP opponents generally can't understand why anyone would care about the
identity of list subscriber. I am comfortable with this middle ground, as I
usually don't really care what your real name is, as long as you are the
person I know as...
Admit it, even people you know face to face could be deceiving you about their
identity. My local LUG asks people to bring driver's licenses to signing
parties, but for a modest price, I could get a drivers license with my
picture and address, but a dead person's name and license number.
--
_____________________________________________________________
Art Alexion
PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A
Keyserver: hkp://subkeys.pgp.net
The attachment - signature.asc - is my electronic signature; no need for
alarm. Info @
http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html
_____________________________________________________________
[Attachment #5 (application/pgp-signature)]
_______________________________________________
KDE PIM users mailing list
kdepim-users@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic