From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 11 May 1996 14:06:17 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
In-Reply-To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
Message-ID: <9605101850.AA01792@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  	The first level, in other words, is less of a
>  certification than a PGP key with self-signature and
>  signature from one other person. It doesn't have _any_ effort
>  to verify that the email address stated on it is the actual
>  email address of that nym. Or am I misinterpreting you?

All the first level cert means, and nothing more, is "The name associated  
with this key is unique among the first level keys certified by Verisign."   
No effort is made to 'verify' the name.  If you register your pseudonym with  
all of the high-profile CA's that allow it, before you first use the nym, it  
becomes much harder to spoof your nym's key.  Assuming, of course, that it is  
customary for nym's to get their keys certified and for people to check  
them.

Bill Stewart, I believe, informally operates a CA that will sign unique nyms keys.


andrew