* The CA defines what a person is. They might do this by demanding company docs, or in CACert's part, by demanding three trusted OpenPGP sigs. If a person changes her name (or email address), then she becomes another "person" as far as the CA is concerned.
Erm no, our PGP section of the website (signing, not looking at sigs) has nothing to do with any of the trust component; the trust component involves forms, paper trails and all the fun stuff dealing with due diligence and identity checks. The person doing the checks then fills in the details on the website via an HTML form. Most of the guys that go out (usually for free/cost of a coffee) take the face-to-face checks more seriously than most government bodies who are paid to take these things seriously...
(If it were a WoT system, then the user would generate another key and exchange fingerprints again.)
How much time would be required if they needed to do face to face checking on 100's if not 1000's of people, both time and cost prohibitive, and no guarantee you'd be able to cover directly or indirectly everyone with this method...
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
