GPG/PGP key signing anyone?
Brian Russo
brusso at phys.hawaii.edu
Thu Oct 4 01:20:27 PDT 2001
On Wed, Oct 03, 2001 at 06:23:56PM -1000, John & Sheila Nickerson wrote:
> Well, no, actually it isn't impossible. It *may* be inadvisable but not
> impossible.
It *IS* inadvisable.
> Do whatever you think is appropriate to determine the key belongs to whomever
> you believe it should belong to. Call them on the phone & get the
> fingerprint or whatever.
Sure, phones are convenient, but there is no exchange of
credentials.
Just because I say I am Joe Brown, (808) xxx xxxx, and hey.. when
you call that number, I answer.. This says nothing about if I am
really Joe Brown or not ..
If we view each other's passport/driver's license.. there is an
exchange of identification. Can ID's be forged? sure.. But no real
system is perfect.
--
Unix Staff, High Energy Physics Group <brusso at phys.hawaii.edu>
Debian/GNU Linux! http://www.debian.org <wolfie at debian.org>
More information about the LUAU
mailing list