Stan Tobias <st...@privatdemail.net> wrote:
>> > IIUC, your point is that verification would enable one to avoid
>collusion, as it
>> > is the only flaw I can see in this verification scheme.
>> > Except collusion can not be avoided in any way, AFAIK.
>>
>> No.  Avoiding collusion is impossible here.  It just comes down to
>you
>> vouching through your signature on the second key that you have
>> *verified* it.  Nothing more, nothing less.  If you didn't follow all
>of
>> the steps to verify it, why would you sign it with an exportable
>> signature?  
>
>You verify the key(s) by inspecting them and drawing conclusions.
>You have a mathematical proof in front of your eyes.  If "verification"
>is not gathering evidence (for building certainty, or strong belief),
>then what is it?

The issue I was talking about here was whether my insistence on following all 
of the necessary steps for verification in the scenario that we had been 
discussing was because I believed that such seeming pedanticism was a method to 
prevent collusion.  I just pointed out that no amount of verification of the 
key can prevent the key owner from sharing the key or messages encrypted to it 
with other people.  There is no need to believe that verification does not 
yield certainty in the ownership of the key.

Cheers,

--Paul
--
PGP: 3DB6D884

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to