[Ach] Ach Digest, Vol 7, Issue 21

ianG iang at iang.org
Mon Mar 31 17:35:52 CEST 2014

Hi Leon,

On 31/03/2014 14:25 pm, Leon Letto wrote:
> I do think there is some value in the comodo process as long as its
> cryptographically sound since:
> 1) unless you are actually physically in Toronto, there is no way for
> you to personally verify that I am the person at leon.letto at gmail.com
> <mailto:leon.letto at gmail.com>.

Who would want to do that?  If you're a nice guy, I'm happy to deal with
you regardless of the geophysical nature of the entity that I cannot see.

> 2) because of 1 when I say on my github/blog/signature that this is my
> email address and post my self signed key, you mileage may vary (because
> of many indefinite links between the chain of trust)

I'll be happy to trust your github code.  The code sings, and the key
just keeps it singing the same tune.  The words in this post make sense,
it's enough for me.

> 3) because of 2 when Comodo is saying I am who I say I am (at least that
> they have verified my e-mail)  that adds an extra link in this chain
> which is significant I think.


> https://bettercrypto.org/  is an amazing project and I hope that adding
> some guides to make it easier for end-users to use crypto is somewhat
> related (and definitely needed).  Lots more work to do there for many,
> many people.
> This whole web of trust thing is going to be a hard nail to drive home IMHO.

Have a look at CAcert's version of the WoT with assurers.  Totally
amazing what we are doing with it in Africa ;)  But it can't be
explained, only shown.


More information about the Ach mailing list