[OSM-talk] Summary of the irc meeting.

Immanuel Scholz immanuel.scholz at gmx.de
Fri Apr 7 08:52:22 BST 2006


> What stops someone from creating a key and signing it for a nonexistant
> person?

A signature itself is only worth something if the signer is already
trusted. So for faking an identity, you have to be a trusted person.

If you fake an identity as a trusted person and someone find out, you can
be made responsible for the thing.

The whole web-of-trust thing isn't bullet proof, but if installed, it
makes massive faking of identities very hard. For scenarios like ours,
where it is not a major failure if only one faked identity can be created,
this is acceptable.

I still don't think it is practicable, but I also don't have *practical*
experiences with web of trusts.

Ciao, Imi.

PS: Before someone suggest: I HAVE experiences with CA's and I found them
inpracticable for small to medium, heavy scattered groups.

More information about the talk mailing list