PGP, Inc.
Andrew Loewenstern
andrew_loewenstern at il.us.swissbank.com
Fri May 10 23:06:17 PDT 1996
> The first level, in other words, is less of a
> certification than a PGP key with self-signature and
> signature from one other person. It doesn't have _any_ effort
> to verify that the email address stated on it is the actual
> email address of that nym. Or am I misinterpreting you?
All the first level cert means, and nothing more, is "The name associated
with this key is unique among the first level keys certified by Verisign."
No effort is made to 'verify' the name. If you register your pseudonym with
all of the high-profile CA's that allow it, before you first use the nym, it
becomes much harder to spoof your nym's key. Assuming, of course, that it is
customary for nym's to get their keys certified and for people to check
them.
Bill Stewart, I believe, informally operates a CA that will sign unique nyms keys.
andrew
More information about the Testlist
mailing list