Robert J. Hansen wrote: > Because there is no such thing as an 'insignificant' amount of > resources. Everything has a price associated with it. The trick is to > get the most bang for your buck.
Well I guess what's insignificant to one person might not be to another. I know some spammers get addressed by scanning common names, so I would get [EMAIL PROTECTED] instead of [EMAIL PROTECTED] I consider having to type 3 digits more a day to be an insignificant hassle, and well worth the extra security. Robert J. Hansen wrote: >> I you visit Bob and he gives you his fingerprint, and when you get >> home you see that it matches the one on his key, then the key is >> authenticated. > > No. You also have to trust that Bob isn't playing a game with you. That the key is authentic means that it is the key Bob wanted you to have, and has not been changed in a man-in-the-middle attack or by any other means. That's all. You can be sure of this if the fingerprint matches. You do not need to trust Bob for the key to be authentic. Bob can be the biggest liar in the world, you still have his authentic key. To be secure you also need to trust him. Authentication can exist without trust, and trust can exist without authentication, but only both combined creates security. Think of it this way. Let's say you don't trust Google for some reason. Then you go to https://mail.google.com, and verify that the SSL certificate is correct, so you can be sure your not on a phishing site. Would you now claim that the site isn't authentic, just because you don't trust Google? Or if you see someone you don't trust, can your eyes then not authenticate to you that the person is who you think they are? Of course they can, because authentication does not require trust, it's security that does. If you do not trust Bob, you can do gpg --edit-key Bob, then type trust. You will be given these options: 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately >> If you now get Marys key, with a signature from Bob, >> this does not make Marys key authenticated! > > Yes. Like I said: you're really looking for a _trusted_ signature. > Clearly, in this case you do not trust Bob to make signatures that are > in accordance with your security policy. Even if we trust Bob completely, then his signature would still just add trust to Marys key, not authentication. We _trust_ that Bob has checked Marys fingerprint carefully before signing her key, we have not _verified_ that he has. > What world do you live in which offers total assurances of anything > other than the inevitability of death and taxes? A world in which medical advances will get rid of death and crypto-anarchism will get rid of taxes? But seriously, when it comes to people trust is the best you can have. You know your friend is able to hit you in the face, but you have good reasons for strongly believing he/she won't. But that's as good as it gets. There's no proof. You can't be 100% sure. Total assurance can be found in mathematics. You don't trust that 5+5=10, you know it. Oskar _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users