On Wed, 2008-11-12 at 11:37 +0100, Stephan Kulow wrote:
I hope you trust me.
Nah, how could I! Even though your mail is signed, I don't have your public key, which of course you could send me now by mail. BUT: this could be the same forged accunt sending me any public key that was used previously to sign that email. We could of course get over this obstacle by calling each other and exchanging the finger print via phone. But as I don't know your voice, you could be any random person picking up the phone and telling me the fingerprint of the wrong public key. So there remains: we have to meet... but then: I have no idea how you look, so you could be any person getting this mail and meeting me at the spot we talk about. So: I bring one of my friends that knows a friend who knows a friend that knows a friend that knows you... and if I can trust ALL the elements in the middle, then I might be sure it is you... but only if I'm absolutely certain none of them in the middle was bribed by you in order to hide your real identity. :) Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org