On Fri, 29 Jun 2001, Manoj Srivastava wrote: > >>"Robbe" == Robert Bihlmeyer <[EMAIL PROTECTED]> writes:
> Robbe> What additional security does this protocol offer over simple ID > Robbe> checking? IOW, what problem does it solve? > Are you implying that ensuring the person whose identity you > verified actually controls the email address and the secret pass > phrase adds no value to the web of trust? Out of curiosity, under what circumstances do you foresee someone bringing a public key that has their name on it, and their photo ID, to a keysigning party, when they don't have the private key that matches it? I'm as puzzled as Robbe wrt the problem this tries to solve. Proving that they control the email address they're asking you to sign does add something to the WoT; I would be inclined to not sign /any/ of the uids of someone I found out had asked me to sign a uid that wasn't theirs. I just can't understand why we have to worry about anyone misrepresenting a key as their own when it has their name on it, since that only hurts their digital identity. Steve Langasek postmodern programmer
