Houston, we have a problem
Stefan Claas
stefan.claas at posteo.de
Thu Sep 21 21:38:44 CEST 2017
On Thu, 21 Sep 2017 21:11:17 +0200, Ralph Seichter wrote:
> On 21.09.17 20:49, Stefan Claas wrote:
>
> > How could customers, not pros like all you guys here on the list,
> > could verify that we both are the persons the keys/signatures are
> > claiming?
>
> Legal identification is required. Since you are German, you can use
> https://www.heise.de/security/dienste/Wie-kann-ich-mitmachen-474837.html
> as a reference for how this can be done.
Hi Ralph,
i am well aware of Heise's CA, because an old pub key of mine bears a
sig3 from them. The thing is someone could issue a fake sig3 from
Heise's CA key to someone else's pub key, without that that customers
would detect it, nor Heise would know it, until of course they would
see the keys in question. I don't know if CA's here in Germany scan
key servers for their issued signatures.
Regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list