From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Sun, 11 Jul 93 20:11:59 PDT
To: cypherpunks@toad.com
Subject: Radical Paranoia?
Message-ID: <9307120311.AA07241@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


     I'm having a philisophical problem reguarding when to sign someone
else's public key.  
 
     Obviously, if you watch someone generate a key, and they physicaly hand
you a copy of it, you should sign it.  Fortunately, life has been this good
to me about 5 times.  But what if life isn't so good?
 
     Lets say someone emails me a key and the return address matches that of
the address in the key.  Do I assume no one is spoofing me?  You have to
admit that this is possible albeit unlikely.  What good is key certification
if it only "probably valid?"  I've noticed that many of the keys on the
server are signed with the same person's key.  I doubt that these people
have had physical contact with each of the people who's key that they've
signed.  Am I just being paranoid, or is there a valid issue here?  I
welcome any of your comments.
 
+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu |   But, I was mistaken.      |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone?  If you don't know, ask me---+