North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: hat tip to .gov hostmasters
On Mon, Sep 22, 2008 at 12:14:53PM -0400, Keith Medcalf wrote: > > > > If I cannot authenticate the data myself, then it is simply > > untrusted and untrustworthy -- exactly the same as it is now. > > > so I guess PGP web of trust is right out, then? > [elided] > > If there is a piece of data X signed with a cryptographically generated signature, and *I* verify that indeed the signature is valid, then the signature is valid -- that is, I can say with 100% absolute certainty that specific bit of keying material was used to generate a signature on something and that I have another bit of keying material which validates that signature. I am assured with very high certainty that THE DATA WAS SIGNED BY THE POSSESSOR OF THE SECRET KEYING MATERIAL. > > Nothing more can be determined from the signature. > let me understand this ... your use of the pronoun "I" in these contexts is in reference to your corporal being i.e. meatspace and not a software application running on some computer. --bill
|