pgpfan:certifyonce
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | pgpfan:certifyonce [2021/06/02 15:54] (current) – created b.walzer | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======Certify Once====== | ||
+ | |||
+ | OpenPGP embodies a certify once scheme for messaging. The certification here is when someone determines that the [[pgpfan: | ||
+ | |||
+ | * You give them your identity in person. | ||
+ | * They get it from something like a key server and then confirm the fingerprint by scanning a QR code on your phone screen or by reading the fingerprint over a voice call. | ||
+ | |||
+ | They then certify it as legitimate and that is it. They are done. They can then send encrypted messages to you with complete assurance that you are the only one that can decrypt them. They can check the signatures on any of your signed messages with complete assurance that a good signature means that you actually signed it. They store their copy of your OpenPGP identity on their device(s) and there is no way for anyone to interfere with the certification or your identity short of breaking into the device(s). Even if such a break in did occur there would be no way to interfere with the certification or your identity short of getting access to the private key and passphrase. That is because the certification is done as a signature. | ||
+ | |||
+ | A counterexample could be the [[wp> | ||
+ | |||
+ | The point here is that OpenPGP entirely avoids this type of issue in the first place in a simple and straightforward way. | ||
+ | |||
+ | [[pgpfan: | ||
pgpfan/certifyonce.txt · Last modified: 2021/06/02 15:54 by b.walzer