-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Kristian,
>>> This is why you have key validation requirements and >>> signatures/certification. The existence of a key doesn't bind >>> that key to a specific individual, no matter what the UID >>> says. >> Wrong ... the unique email-adress is the problem .. which is >> usually in the UID of the key. > This isn't too relevant from a security perspective wrt a "fake web > of trust" but seems more like a response wrt privacy questions. > Keys have to be validated (typically involving certification) > before use! Would you please explain this to the "normal" user? ;-) They find the key and use it. If they are good, they check the number of signatures and use it. ... and how often do you check the way from your key to my before relying to it? ;-) best regards ... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJwNdsACgkQVuf/iihAxwgXLQCgon0Zp9ZGr4b/XmzlK1kRTbmx NpgAnjiLl7R5rZJwxs5WWmdDvpIqmNS9 =WHiy -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel