From: Alex Alten <Alten@home.com>
To: Patrick Feisthammel <pafei@rubin.ch>
Message Hash: b1dee2f61a39556a3bbfd29a6775c0c1000c0b467b05c0676aeae131e90f7ea1
Message ID: <3.0.3.32.19981224212522.009fd100@mail>
Reply To: <3.0.3.32.19981223195440.00b29970@mail>
UTC Datetime: 1998-12-25 06:57:40 UTC
Raw Date: Fri, 25 Dec 1998 14:57:40 +0800
Subject: Re: mysterious PGP release-signing keys
MIME-Version: 1.0
Content-Type: text/plain
>> This is yet another good example of why one should never confuse using PK
>> certificates with security. An email PGP signature looks impressive but in
>> practice it is useless.
>
>It is useful iff you can verify the validity of the used PK certificate.
>That's what the web of trust in PGP is for.
>
Unfortunately the "if" is false. I have no idea if your fancy PK signature
really represents you. Just look at the recent trouble Black Unicorn has
had with someone else using the same name affiliated with a key stored on
the Network Associates PGP key server. Dave could not verify a PK signature
for the PGP software distribution itself. PKI, or a web of trust, looks
good on paper but in practice it does not work when scaled up to large
numbers of networked users.
- Alex
--
Alex Alten
Alten@Home.Com
Alten@TriStrata.Com
P.O. Box 11406
Pleasanton, CA 94588 USA
(925) 417-0159