How can PKI/CA ensure that a public key belongs to someone?
@Acer You can't. The idea of having a PKI infrastructure wasn't meant to confirm your identity.
Instead it was built as a "web of trust" where people can vouch that it's really your key.
If PKI can't vouch for it, how can people vouch for it via PKI?
@Acer Well, here's a good way to look at it.
I publish my public key and mention it on social media, for example.
People would vouch for my key that way.
Or... I can build an internal web of trust where we are actually friends with each other in real life and vouch for each other's keys.
PKI should connect to a root central authority.
If you just exchange public keys with friends, you don't need a PKI.
@Acer Yep. Unless you want someone to vouch for it.
Some PKIs, like the Ubuntu keyserver, provide a comments section, if I'm not mistaken.
@Acer Wait, is it a comment section or just a section listing the people who signed your key? I forgot. I never upload my key to a keyserver.
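Added example (not posted by anyone in the thread above): what "connect to a root central authority" concretely means when a verifier checks a public key. A CA does not know who you are; it signs a certificate that binds a name to a public key, and a verifier accepts that binding only if the signature chains to a root it already holds. The program below, written with Go's standard crypto/x509 package, builds a root CA, has it vouch for a key under the name alice@example.com, and then shows two things the verifier rejects: the same name self-asserted by another key, and the same name vouched for by a CA the verifier never trusted. The names "Example Root CA", "Mallory CA" and alice@example.com are invented for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a fresh P-256 key pair; k.PublicKey is the
// "public key" the thread asks about.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue creates an X.509 certificate binding the name cn to pub.
// With parent == nil the certificate is self-signed by signer (a root CA,
// or anyone asserting a name for themselves); otherwise signer is the
// parent's key and the parent is vouching for the name/key binding.
func issue(cn string, isCA bool, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a CA key may sign certificates
	}
	if parent == nil {
		parent = tmpl // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// verifyBinding is the verifier's side: does a signature chain from cert
// lead to a root we already trust, and does the certificate name the party
// we expected? Only then do we treat cert.PublicKey as wantCN's key.
func verifyBinding(cert *x509.Certificate, roots *x509.CertPool, wantCN string) error {
	if _, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}); err != nil {
		return err
	}
	if cert.Subject.CommonName != wantCN {
		return fmt.Errorf("certificate names %q, not %q", cert.Subject.CommonName, wantCN)
	}
	return nil
}

// Scenario runs three cases against a verifier holding a single trust
// anchor and returns the verification result of each (nil = accepted).
func Scenario() (genuine, selfAsserted, foreignCA error) {
	const name = "alice@example.com" // hypothetical subject name

	rootKey := newKey()
	root := issue("Example Root CA", true, &rootKey.PublicKey, nil, rootKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(root) // the verifier's only trust anchor

	// 1. The trusted CA vouches for Alice's key under her name.
	aliceKey := newKey()
	alice := issue(name, false, &aliceKey.PublicKey, root, rootKey)

	// 2. Mallory claims Alice's name for her own key, signed by herself.
	malloryKey := newKey()
	impostor := issue(name, false, &malloryKey.PublicKey, nil, malloryKey)

	// 3. Mallory runs her own CA and has it vouch for her key as Alice.
	evilRootKey := newKey()
	evilRoot := issue("Mallory CA", true, &evilRootKey.PublicKey, nil, evilRootKey)
	impostor2 := issue(name, false, &malloryKey.PublicKey, evilRoot, evilRootKey)

	return verifyBinding(alice, trusted, name),
		verifyBinding(impostor, trusted, name),
		verifyBinding(impostor2, trusted, name)
}

func describe(err error) string {
	if err == nil {
		return "accepted"
	}
	return "rejected: " + err.Error()
}

func main() {
	g, s, f := Scenario()
	fmt.Println("CA-issued certificate:          ", describe(g))
	fmt.Println("self-asserted certificate:      ", describe(s))
	fmt.Println("certificate from untrusted CA:  ", describe(f))
}
```

The point the thread circles around is visible in case 3: a signature alone proves nothing, since Mallory's CA signs just as validly as the real one. What decides the outcome is which roots the verifier installed beforehand, and that choice (or, in a web of trust, the choice of whose signatures you count) is the part no protocol can make for you.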