-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 arghman escribió: >>> * if I sign a message with that key pair, and someone challenges my >>> identity, what's the best/easiest way for me to prove my identity?
> I don't need them to interoperate, I would just like to use the same key > pair. WoT is fine but it would be nice to have a way to assert that [X = the > person in possession of private key K_pr = me + anyone I'm stupid enough to > share my private key with] is both trustable via Wot, *or* by trusting a > certificate authority. "trustable" probably not the right word but I'm a bit > shaky on the protocol vocabulary. Well... I got a x.509 certificate from CAcert.org, with my name on it. But also, I got CAcert's pgp signature on my pgp key... Also, if you have a Thawte certificate with your name on it, you can use it to sign a message containing your PGP public key, and some people would accept that as a prove the key belongs to you (unless somebody has stolen you email account, and your x.509 certificate). Rather than using the same key pair with x.509 and PGP, I would suggest to use your x.509 certificate as a "proof" of your identity, and if people accept that as a valid proof, then they would sign your pgp key too. Take a look at www.gswot.org people there accepts CAcert and Thawte certificates as valid ways to prove your identity, and can sign your key to reflect that. Of course, that would only help you if the one challenging your identity trusts GSWoT Introducers signatures... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJSdTeAAoJEMV4f6PvczxATgwH/0nnx/75XBguef2Y9vnXBY+E p1oqGeh9g8flCno9FT9c026aPBK5lXU7b8ZNy4mFy9IbP9/qL7lwzMvHOf7TAnM5 D6FigfAHwvxw5ait1whrj3zIbdva5QpqLE7dLqRU8q5PPMnOBxcW7a5YUWZPK+ls B77nTUKjcGk1lEJpeHSqY4gRY0LGcvYWKWbhUxBMf+m+vIl7oFOOo38rD+D3ux9y yGscnY3csV61UHS3ugn0/Ya0h3J7I6UsxBaJJwjmbR9LDyEJMQMRjoIABepQq4/y b6jD618NmOFr5A3Xea0E6VerU3l326YPNDYHlJH934y/8rjEcW13WFYjyj4Zm1k= =zOpK -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
