1996-05-11 - Re: PGP, Inc.

Header Data

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
To: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
Message Hash: b817c20add5d9f2629a4878a72fc0320b82effa41dcaa2574b615da2d9b0a4d4
Message ID: <9605101850.AA01792@ch1d157nwk>
Reply To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
UTC Datetime: 1996-05-11 06:06:17 UTC
Raw Date: Sat, 11 May 1996 14:06:17 +0800

Raw message

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 11 May 1996 14:06:17 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
In-Reply-To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
Message-ID: <9605101850.AA01792@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  	The first level, in other words, is less of a
>  certification than a PGP key with self-signature and
>  signature from one other person. It doesn't have _any_ effort
>  to verify that the email address stated on it is the actual
>  email address of that nym. Or am I misinterpreting you?

All the first level cert means, and nothing more, is "The name associated  
with this key is unique among the first level keys certified by Verisign."   
No effort is made to 'verify' the name.  If you register your pseudonym with  
all of the high-profile CA's that allow it, before you first use the nym, it  
becomes much harder to spoof your nym's key.  Assuming, of course, that it is  
customary for nym's to get their keys certified and for people to check  
them.

Bill Stewart, I believe, informally operates a CA that will sign unique nyms keys.


andrew





Thread