sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] About deleting keys

From: dirk astrath
Subject: Re: [Sks-devel] About deleting keys
Date: Tue, 29 Oct 2013 22:25:32 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Kristian,

>>> This is why you have key validation requirements and 
>>> signatures/certification. The existence of a key doesn't bind 
>>> that key to a specific individual, no matter what the UID
>>> says.
>> Wrong ... the unique email-adress is the problem .. which is 
>> usually in the UID of the key.
> This isn't too relevant from a security perspective wrt a "fake web
> of trust" but seems more like a response wrt privacy questions.
> Keys have to be validated (typically involving certification)
> before use!

Would you please explain this to the "normal" user? ;-)

They find the key and use it.
If they are good, they check the number of signatures and use it.
... and how often do you check the way from your key to my before
relying to it? ;-)

best regards ...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJwNdsACgkQVuf/iihAxwgXLQCgon0Zp9ZGr4b/XmzlK1kRTbmx
NpgAnjiLl7R5rZJwxs5WWmdDvpIqmNS9
=WHiy
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]