[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Digital signatures



David Boles:
>>> There is a better chance of me being 'me' than there is of you being
>>> 'you'.  ;-)

Tim:
>> Only on a personal verification level.  ;-)

David Boles:
> Really?

In that *you* know that you are you.

> I sign my emails with a verifiable signature. You sign yours with
> what?

But verifiable against what?

gpg: armor header: Version: GnuPG v1.4.7 (MingW32)
gpg: Signature made Fri 13 Jul 2007 14:04:22 CST using DSA key ID 8D57E101
gpg: using PGP trust model
gpg: Good signature from "David Boles <dgboles gmail com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6947 D60B 79D9 059E 405F  4084 00ED 3034 8D57 E101
gpg: textmode signature, digest algorithm SHA1

NB:  I am playing devil's advocate, here.  I hope that's obvious.  I
have looked very closely at the model that PGP uses over the years.
This "he says he is who claims to be" / "trust me" issue is a core
problem.

-- 
[tim bigblack ~]$ rm -rfd /*^H^H^H^H^H^H^H^H^H^Huname -ipr
2.6.21-1.3228.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]