[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Radical Paranoia?
I'm having a philisophical problem reguarding when to sign someone
else's public key.
Obviously, if you watch someone generate a key, and they physicaly hand
you a copy of it, you should sign it. Fortunately, life has been this good
to me about 5 times. But what if life isn't so good?
Lets say someone emails me a key and the return address matches that of
the address in the key. Do I assume no one is spoofing me? You have to
admit that this is possible albeit unlikely. What good is key certification
if it only "probably valid?" I've noticed that many of the keys on the
server are signed with the same person's key. I doubt that these people
have had physical contact with each of the people who's key that they've
signed. Am I just being paranoid, or is there a valid issue here? I
welcome any of your comments.
+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-) | I thought I was wrong once. | PGP KEY |
| [email protected] | But, I was mistaken. |available|
| [email protected] | | Ask Me! |
| (505) 299-2282 +-----------------------------+---------+
| |
+------"I'm just looking for the opportunity to be -------------+
| Politically Incorrect!" <Me> |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone? If you don't know, ask me---+