Alex Alten (Alten@Home.Com)
Thu, 24 Dec 1998 21:25:22 -0800
>> This is yet another good example of why one should never confuse using PK
>> certificates with security. An email PGP signature looks impressive but in
>> practice it is useless.
>
>It is useful iff you can verify the validity of the used PK certificate.
>That's what the web of trust in PGP is for.
>
Unfortunately the "if" is false. I have no idea if your fancy PK signature
really represents you. Just look at the recent trouble Black Unicorn has
had with someone else using the same name affiliated with a key stored on
the Network Associates PGP key server. Dave could not verify a PK signature
for the PGP software distribution itself. PKI, or a web of trust, looks
good on paper but in practice it does not work when scaled up to large
numbers of networked users.
- Alex
--Alex Alten
Alten@Home.Com Alten@TriStrata.Com
P.O. Box 11406 Pleasanton, CA 94588 USA (925) 417-0159
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:38