On Tue, Nov 04, 2003 at 07:10:49PM -0500, Allister MacLeod wrote: > On Tue, Nov 04, 2003 at 05:53:19PM -0500, David Yitzchak Cohen wrote: > > On Tue, Nov 04, 2003 at 11:06:41PM +0100, Aron Stansvik wrote: > > > Should this not be done unless we meet > > > personally or verify something over a secure phone line? > > If your question pertains to "should," then the answer is what you > > have above, plus the possibility that if you can find somebody else you > > trust to tell you this kind of stuff and who's willing to certify that > > I'm myself, then you don't have to directly verify that I'm myself. > > That's called the web of trust. > > To Aaron: > > I trust that if the person who posts to mutt-users as David Yitzchak > Cohen cares about avoiding impersonation, he won't give his privkey > and passphrase to anyone else. At this point, since I don't forsee > needing to exchange very sensitive information with Dave, it matters > very little to me whether the key belongs to a man named D.Y. Cohen, > or a small child, or an old woman, or whatever. Therefore, I feel > quite justified in locally certifying his key with my own, at a trust > level of 0: "I don't know." That suffices to kill the warning, and, > to me, doesn't imply any trust beyond what I'm willing to put forth. > > Of course, your mileage may vary. (Just don't drive in 1st on the highway.) Okay, sounds reasonable. Thanks for the long explanation, and it's Aron with one 'A' BTW :) Best regards, Aron Stansvik -- unemployed
Attachment:
pgpepdMV6DiBI.pgp
Description: PGP signature