mysterious PGP release-signing keys

Alex Alten Alten at home.com
Thu Dec 24 22:57:40 PST 1998



>> This is yet another good example of why one should never confuse using PK
>> certificates with security.  An email PGP signature looks impressive but in
>> practice it is useless.
>
>It is useful iff you can verify the validity of the used PK certificate.
>That's what the web of trust in PGP is for.
>

Unfortunately the "if" is false.  I have no idea if your fancy PK signature 
really represents you.  Just look at the recent trouble Black Unicorn has 
had with someone else using the same name affiliated with a key stored on 
the Network Associates PGP key server. Dave could not verify a PK signature 
for the PGP software distribution itself.  PKI, or a web of trust, looks 
good on paper but in practice it does not work when scaled up to large 
numbers of networked users.

- Alex
--

Alex Alten

Alten at Home.Com
Alten at TriStrata.Com

P.O. Box 11406
Pleasanton, CA  94588  USA
(925) 417-0159





