--On onsdag, juni 04, 2003 14:16:50 +0200 Alexandru Petrescu
<petrescu(_at_)nal(_dot_)motlabs(_dot_)com> wrote:
Harald Tveit Alvestrand wrote:
nope. we have had a lot of PGP key signing parties at IETFs, but
nothing "official".
I see, I might want to attend.
From what I've read, keys (or fingerprints?) were read aloud.
I generally use wwwkeys.eu.pgp.net when I look for keys, but there's
nothing very magical about that.
I see. So your trust basically relies on the integrity of that
particular server.
not at all. Trust depends on the signatures of the key; I only use the
keyserver to look for keys I don't have on hand.
Did you store the key securely on the keyserver?
Why should I? It's signed, so it's either there or not there - you
can't fake it, just remove it.
Can't I just create a public key with the Harald's name and email
address and then post to this list claiming I'm Harald?
yes, you can. And after all, your real name might be Harald, so I shouldn't
have a way to stop you from doing that.
However, those who care about whether it's me or you posting will look at
who signed it - that's why my key block is so huge; it's got all these
signatures dangling from it....
(And sometimes I wish the keyservers WOULD drop some keys - there's
an old key of mine out there that I don't use any more....)
Sure, they should.
Which keyserver? Which port? The particular network I connect to
is blocking most ports, so I can't retrieve your public key.
It's attached below, too. Anything to increase the
Kbytes-posting-stats :
Thank you, I imported it, but the signature of previous messages didn't
verify, sorry.
I know - signing messages that will be damaged in transit is a VERY hard
problem....