On Tuesday 31 March 2009 13:16:42 Tim wrote:

> On Tue, 2009-03-31 at 12:27 +0100, Bill Crawford wrote:

> > Ought to be possible for people to visit companies' offices and sign

> > their keys, and add them to the "web of trust" as per PGP / GPG keys.

> > No idea if / how that should be done, in practice, though.

>

> Actually, I'd like to be able to do something like with banking (go into

> the branch, and physically confirm keys used for banking). For the one

> or two people that I've used encrypted mail with, I exchanged keys in

> person.

>

Bear in mind that the Public Key is intended to be just that - public. It is useless to anyone else as only you have the Private Key that forms the pair, so there is no problem at all about the public key being accessible. It can *only* be used to compare against your signature. It cannot be used in any attempt to pretend to be you.

Anne

--

New to KDE4? - get help from http://userbase.kde.org

Just found a cool new feature? Add it to UserBase