how can PKI/CA ensure that a public key belongs to someone?
@Acer You can’t. The idea of having PKI infrastructure wasn’t meant to confirm your identity.
Instead it was built on as a “web of trust” where people can vouch if it’s really your key.
If pki can t vouch it, how can people vouch it via pki?
@Acer well. Here’s a good way to look at it.
I publish my public key. And i mentioned it in social media for example.
People would vouch for my key that way.
Or… i can built an internal web of trust when we were actually friends with each other in real life and would vouch each other key.
PKI should connect to root central authority.
If you just exchange public keys with friends, you needn’t a pki
@Acer yep. Unless you want someone to vouch for it.
Some PKI like ubuntu keyserver provide comments section if i’m not mistaken.
Someone here = pki
Ubuntu keyserver = pki example
Comments section = vouch method example
The example means they have all kinds of means to vouch for keys, but no proof or authenticity and no standard one.
Right?
