On Tuesday 31 March 2009 13:16:42 Tim wrote:
> On Tue, 2009-03-31 at 12:27 +0100, Bill Crawford wrote:
> > Ought to be possible for people to visit companies' offices and sign
> > their keys, and add them to the "web of trust" as per PGP / GPG keys.
> > No idea if / how that should be done, in practice, though.
>
> Actually, I'd like to be able to do something like with banking (go into
> the branch, and physically confirm keys used for banking). For the one
> or two people that I've used encrypted mail with, I exchanged keys in
> person.
>
Bear in mind that the Public Key is intended to be just that - public. It is useless to anyone else as only you have the Private Key that forms the pair, so there is no problem at all about the public key being accessible. It can *only* be used to compare against your signature. It cannot be used in any attempt to pretend to be you.
Anne
--
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase