On 12 August 2013 18:16, Adam Bolte wrote:
This is a really good point. I'm not sure which side of the fence is
best, but I feel that we should quickly discuss this point on
Thursday if time permits.
Problem is that the name of the person doesn't uniquely identify the
person. The email [1] address does.
So I could get people to sign my key as:
Brian May
It matches my passport. It looks right. It must be ok, right?
The fact this email address may not be valid doesn't matter (and is
probably better that way). I now can impersonate Brian May[2], and ensure
he gets blamed for all my evil doings.
Just as he could have a certificate signed with my email address, and
pretend to be me. Sure, he won't get the emails, but can still do a lot of
damage.
[1] Almost always anyway. Sometimes email addresses can be reassigned
however (IIRC Yahoo or somebody was doing this).
[2] hint: http://www.brianmay.com/ - it isn't me!
--
Brian May