key-signing for pseudonyms
Atom 'Smasher'
atom-gpg at suspicious.org
Sat May 15 23:17:02 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
after reviewing some how-to guides for key-signing parties, they
universally seem to skip any address verification!?!
according to the current how-to guides for a key-signing party, someone
could show up with ID that says "osama bin laden" and a key with my email
address.... the ID checks out with the name on the key-id, and
everything's fine; people sign osama bin laden's key with my email
address... and then the FBI comes knocking on my door.
maybe that's a stretch, but shouldn't confirming an email address be just
as important as confirming a real name? the address could be incorrect
either by accident or malice.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"If a nation values anything more than freedom, it will lose
its freedom; and the irony of it is that if it is comfort
or money it values more, it will lose that, too."
-- W. Somerset Maugham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkCmiNMACgkQnCgLvz19QeNriQCfQUgZukhAA4oFRPf91/YnwP20
F6gAoKYwDhSNQxRLNCM7EQXWG3DN7j+m
=V1TA
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list