couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: On Key Signing (was Re: [VOTE] Apache CouchDB 1.2.0 release, fifth round)
Date Sat, 31 Mar 2012 05:23:20 GMT
On Fri, Mar 30, 2012 at 17:23, Jason Smith <jhs@iriscouch.com> wrote:
> You are not confirming that somebody is who he says he is. You are
> simply confirming that he bears the key that he says he has. The
> latter is a much simpler problem.

That's precisely my point. I have a giant stack of evidence that says
Noah bears this key.

Also related to my anecdote about signing parties I've experienced,
wherein nobody asks me to prove that I own the private key, I'll note
it's sort of unnecessary. Signing *their* keys and publishing that
demonstrates that I own the private keys corresponding to my identity
of my signature. But for that first signature with an unconnected
other, it seems like the "right" thing has nothing to do with driver's
licenses or photo ID, but everything to do with exchanging a signed
message over a secure channel, which is slightly more than "hey, the
fingerprints on our screens match", which just says that you're
talking about the same key (whose owner may or may not be present).

Mime
View raw message