North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: What happened to dot pro... (BTW)
John R Levine wrote:
No actually a PGP signature assures you that a particular private key was used to sign a message. It doesn't tell you whether that key belongs to who you think it does. Thus you would verify the key fingerprint via an out of band method (phone, in person, business card). I don't see how a limited access domain helps in binding keys to people, unless the registrars are going to start acting as CAs as well. Anyone can create a PGP key with firstname.lastname@example.org as an associated email address.A PGP or S/MIME signature assures you that the mail definitely came from the address it purports to come from, but it doesn't tell you whether that person is who you think it is. That's where limited access domains can help.