[colug-432] PGP Signing Party
Steve VanSlyck
s.vanslyck at spamcop.net
Tue Dec 21 08:15:15 EST 2010
Well, can't they do that anyway? I mean that's been my difficultty with
certificates and PGP and so on all along.
The guy that stole my wallet displayed my drivers license and signed my
name to the credit card slip with no problem. Having someone else's
initials on my driver's license telling the world that I'm me wouldn't
have helped. It seems to me that signing only helps prove my identity to
the specific person who signed, not to the world in general, and even
then only so long as I'm in possession of the computer I used to generate
the email.
Is that what signing is for - to validate a one-to-one relationship?
----- Original Message -----
From: William Yang <wyang at gcfn.net>
To: Central OH Linux User Group - 432xx <colug-432 at colug.net>
Date: Tue, 21 Dec 2010 08:04:22 -0500
Subject: Re: [colug-432] PGP Signing Party
> On Tue, 2010-12-21 at 08:00 -0500, Steve VanSlyck wrote:
> > Apologies for asking a really stupid question, but why do I need anyone
to
> > sign my key. I understand that private keys are self-generated, then
used
> > to create the public key which is provided to one's intended recipient,
> > and that's that.
>
> Do you have to? No.
>
> However, what's to stop some hostile person from creating a key that
> claims to be Steve VanSlyck and using it... other than signing and the
> reputation-based web of trust?
>
> -Bill
>
> --
> William Yang
> wyang at gcfn.net
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
More information about the colug-432
mailing list