On Sat, Apr 4, 2009 at 6:37 AM, Jussi-Ville Heiskanen <cimonav...@gmail.com> wrote: > Personally (even though I don't have tattoos) I think I > could give details of myself that would be somewhat > difficult to forge on short notice. The index finger of > my right hand sports a completely healed up lack > of nail. That is to say my index finger has a shrunken > leathery surface where usually there would be a nail.
Okay, great. So if someone shows up with an index finger like yours, there are two possibilities: 1) Someone forged this e-mail from you that I was relying on, and the key I just signed is bogus. 2) This e-mail from you is legitimate, so the key is legitimate. But in this case, why didn't you just skip the middle-man and include the public key in your e-mail and have me sign it from there? Getting a public key from someone who you've only communicated with via e-mail can *never* be more secure than just getting the key via e-mail somehow. As far as I'm concerned, you may as well not exist in real life at all. I've only read your e-mails. Your real-life identity isn't necessary or even useful to my verification of the identity I care about, viz., your e-mail identity. The secure way to do key-signing in situations like this is to attach a GPG signature to every e-mail you send. If you attach the same public key to every single e-mail you send for a few years, then there's no question about whether the key is yours. Whoever is writing the e-mails is the one whose private key is used to sign the mail, period. If all the e-mails you've ever sent are forged, and I only know about you by reading the e-mails, then you *are* the forger as far as I'm concerned. Similarly, my identity can be verified by the fact that I've had commit access and toolserver access for a couple of years based on my private key. So you know (or at least, whoever has access to a secure list of public keys of committers or toolserver users knows) that whoever controls that private key is the one who's been doing all those commits and things, which has pretty much got to be the same person who's been posting on mailing lists and so on. *That* is secure. Key-signings are probably a fun social event, though, even if they aren't worth much from a security standpoint, so don't mind me. :) _______________________________________________ foundation-l mailing list foundation-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
