Am 07.06.2017 um 08:50 schrieb Andrew Gallagher:
On 7 Jun 2017, at 06:55, Stefan Claas <stefan.cl...@posteo.de> wrote:
The procedure went like this: I inserted my id-card in a certified
card reader, which i purchased, startet the german certified id-card
software "AusweisApp2" to connect to the CA Server and the server
checked my id-card online and after verification send the signed
pub-key to my email address. Can this procedure be faked by
criminals etc.? I doubt it.
Everything *can* be faked, given enough time, effort and/or money. The correct
question is *would* criminals etc go to the necessary lengths to fake this
procedure, and the answer (as always) is: it depends on what it's worth to
them. :-)
I have no idea how much money is made worldwide by shady companies or
bad people and what techniques for that are used on the Internet. A
public-key certified by the the way i described, assuming GnuPG would
become an accepted world wide standard in the future for digital
signatures, with frontends for Joe user average, would be a way to dry
out bad businesses. The classic WoT or TOFU does not help in this case, imo.
Regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
