On Tuesday 10 April 2007 23:51, Arthur Hagen wrote:
> On Tue, 2007-04-10 at 23:27 +0200, Magnus Holmgren wrote:
> > And even if you can't trust that I am me, you can still be confident
> > that all
> > messages signed with this key come from the same person.
>
> That's another (and common) fallacy. That's only the case if the holder
> of the key can be trusted to keep the secret key confidential. When the
> holder of the key can't be trusted to his identity, that can't be
> trusted either.
It is in his own interest to keep it secret, and to have a revocation
certificate ready in case it's compromised. If that's not enough for you, you
really can't trust that person with anything, cryptographic or not.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
