Re: kernel.org status: establishing a PGP web of trust

From: Krzysztof Halasa
Date: Thu Oct 06 2011 - 13:45:50 EST


Mark Brown <broonie@xxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:

> A common approach to this for at least the e-mail portion of the address
> is to sign the ID with the address and then mail the signed key
> encrypted to the address, deleting all local copies and requiring that
> the recipient publish the signature. This at least demonstrates that
> the owner of the key can read mail at that address.

The assumption here is that the attacker can read (and write) the victim's email.
It's not about verifying email access or address.
--
Krzysztof Halasa