Email address challenge script for KMail
Rob Kaper
cap at capsi.com
Wed Sep 10 16:59:04 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday September 10 2003 11:12 am, Matthias Kalle Dalheimer wrote:
> On Wednesday 10 September 2003 10.26, Andras Mantia wrote:
> The key itself will, but not that additional user ID, AFAIK. So people will
> consider your freemail.hu address still valid, but not your kde.org
> address.
>
> But I am no expert at this, either...
Reasonably you could send a challenge to any e-mail address of keys you
already signed to verify them. But new identities, especially those that are
made default, could be a sign of a compromised secret key though.
That's the problem: just because you met someone who makes a passport claim he
owns the key does not mean no one else has access to the secret key and
passphrase. The fact that the signature of this mail verifies and might have
marginal or full trust for people on this list only means that Rob Kaper
claimed ownership of the key in front of people, not that only Rob Kaper has
access to it.
And thus it is a web of trust, not of security or identity.
Rob
- --
Rob Kaper | "They that can give up essential liberty to obtain a little
cap at capsi.com | temporary safety deserve neither liberty nor safety."
www.capsi.com | - Benjamin Franklin, Historical Review of Pennsylvania, 1759
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/Xy4stppIl2G1SjcRAsLSAKCC60+SEtJJs/V3XWZOYJ+NVbEsjgCgv6qu
E63lxCamb+byTQ4ATcYF1Fg=
=HbW9
-----END PGP SIGNATURE-----
More information about the NoveHrady
mailing list