Re: Senator Leahy's Public Key



Bill Frantz said:
> The more I think about Senator Leahy's public key, the more I keep coming
> back to a point I only alluded to before.
> 
> How do we know the key is actually his key?
> 
> The key is only self signed.  It could be a fake.  If, as I have assumed,
> its primary use will be to sign public statements posted to the net, how
> will we know they are actually from Senator Leahy, and not some impostor?
> 
> I strongly urge the senator to join the web of trust and get some other
> signatures on his key.

Actually, I've been thinking about this, and how do we *really* know that
*anyone's* keys are actually theirs?  I'm new to this list and have been 
collecting some of the keys from people who post with PGP signatures, but 
even at that, I never certify them myself because I am not 100% absolutely
certain that the key in question belongs to that person.  After all, what
if some clever hacker dropped in and replaced someone's .plan file, or 
edited their index.html file?  There's no real way to be absolutely 
certain.

How certain are we that the keyservers are 100% bulletproof?  Hell, I 
could call Joe Schmoe up and say "tell me your fingerprint", but how do I 
*really* know I'm talking to Joe unless I knew him before getting his 
signature?  

Just some thoughts about some of the basic flaws in this sort of system.  

BTW, I collect the signatures because I have a patched version of Elm which
goes out and automatically tries to verify all PGP signed messages, and 
it's kind of annoying when it can't find the signature (all sorts of junk
goes sprawling up my screen).  


> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> [email protected] | dead teenagers | Los Gatos, CA 95032, USA

-- 
Matt Smith - [email protected]
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!