[Wolves] PGP

[Peter Cannon]

On Thursday 12 Aug 2004 11:31, The wise and knowledgeable Jon Farmer 
proclaimed:

> Err I have to disagree. Passports and driving licences are increasing
> stolen and forged. Also while I am not suggesting Verisign or any other
> third party signing authority are not to be trusted they never
> personally know the person they are digitally signing.

Without falling out with you your argument doesn't stand up.

1. Why on earth would someone send a stolen or faked passport? The point is, 
to gain that type of signature you will have had to supply documents, most 
people know you will have had to supply documents (genuine, faked, stolen or 
forged) and therefore the trust level is stronger than a signature you have 
written out yourself. its like me saying I'm worth 4 million quid you 
wouldn't believe me until you saw a bank statement.

2. I don't know you personally so does that mean I shouldn't trust your Sig?

> PGP works on a web of trust and is the best method I have ever seen of
> being certain of an identity. I only ever sign and trust public keys of
> people I have met in person and have had the key provided to me in
> person. I would never implicitly trust a verisign identity as I have not
> control over it whereas if I have signed a key I would implicitly trust
> it for my use only.

Woh! Web? Trust? I trust nothing web wise, Viruses, spiders, scripts, addware, 
rouge sites, blah blah blah!

The WWW is the best market for malicious evil individuals they can be anyone 
anywhere and you wouldn't have a clue.

> How about a WLUG key signing party sometime.. :-)

I thought we promoted OPEN, FREE ideals? this smacks of closed selectiveness, 
no key, no entrance. Looks like I'll be locked out then, :-)

-- 

Regards

Peter Cannon

peter at cannon-linux.freeserve.co.uk

"There is every excuse for not knowing!"
"But there is no excuse for not asking!"