17 Dec
2003
17 Dec
'03
11:17 p.m.
On Wed, 24 Jan 1996, Perry E. Metzger wrote:
How do they verify that the person confirming the fingerprint is indeed the person supposedly owning the key?
Thats up to the people signing. In most cases in that sort of environment, you know about 30% of the people in the room, and you sign their keys (and no one elses, which is reasonable).
This is pretty much the pure web-o-trust model - the identity of the person is assmed to be known at the start of the process, and what is verified is the key- closure gets you the other folks. I'm usually not to keen on WOT, but if it was an AI project, this is the example that would be in the writeup :-)