On Thursday 20 January 2005 11:25 pm, Jonathan wrote: > On [Thu, 20.01.2005 14:11], Georgi Georgiev wrote: > > So people are currently trusting the *name* of a person, but... What > > happens if I show a proper ID but use fake e-mail addresses in my key? > > Nobody told me how you verify e-mail addresses... > > You send an encrypted string to each email addresses. If you return the > correct string, you pass the test.
The entire problem that encrypting email solves is that where people can access accounts other people have (via sniffing, cracking, or otherwise). Your assumption (that only the person you are expecting can read the account's mail) completely defeats that purpose. If it was impossible for anyone except you to read your mail, why would I ever care to encrypt something to you in the first place? -- Luke-Jr Developer, Utopios http://utopios.org/ -- gentoo-dev@gentoo.org mailing list
