This illustrates the need for and role of certification authorities. See http://www.law.miami.edu/~froomkin/articles/trusted.htm for some info. On Sat, 13 Jul 1996, Lyal Collins wrote:
This touches upon a favourite rant of mine. [...] So, now you need to ensure that you can get your public key (to verify the digital signature with) in the hands of all your possible, or intended, recipients.
Now the race is on for as many people as possible to generate PGP public keys/certificates bearing your name, or variations of it. Once that occurs, there is a fair chance that one of these keys will verfiy the digital signature on a piece of software purportedly from you. Still, not many people will have your true PGP public key/certificate, but, them's the breaks.
[...] A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid.