Scott Brickner writes:
[ ... a bunch of stuff I have no quarrel with ... ]
Identifying the key with the person is entirely reasonable, if the key is what introduced the person to you (and thus ontologically created the entity).
Right (sez me).
If the introduction happens prior to receiving the key, then authentication becomes necessary to avoid MITM.
Maybe I'm not sure what good a "true name" certificate is going to do me in establishing confidence in a key. How will I know that the MITM attack didn't begin with the "true name" registration? (Note that I continue to insist that I very well might be totally without clue here, so correct me brutally if applicable.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~