[OSM-talk] Summary of the irc meeting.
Immanuel Scholz
immanuel.scholz at gmx.de
Fri Apr 7 08:52:22 BST 2006
Hi,
> What stops someone from creating a key and signing it for a nonexistant
> person?
A signature itself is only worth something if the signer is already
trusted. So for faking an identity, you have to be a trusted person.
If you fake an identity as a trusted person and someone find out, you can
be made responsible for the thing.
The whole web-of-trust thing isn't bullet proof, but if installed, it
makes massive faking of identities very hard. For scenarios like ours,
where it is not a major failure if only one faked identity can be created,
this is acceptable.
I still don't think it is practicable, but I also don't have *practical*
experiences with web of trusts.
Ciao, Imi.
PS: Before someone suggest: I HAVE experiences with CA's and I found them
inpracticable for small to medium, heavy scattered groups.
More information about the talk
mailing list