how can PKI/CA ensure that a public key belongs to someone?

@Acer You can't. The idea of having PKI infrastructure wasn't meant to confirm your identity.
Instead it was built as a "web of trust" where people can vouch that it's really your key.

@deesapoetra

If PKI can't vouch for it, how can people vouch for it via PKI?

@Acer well. Here's a good way to look at it.
I publish my public key, and I mention it on social media, for example.
People would vouch for my key that way.

Or... I can build an internal web of trust where we are actually friends with each other in real life and vouch for each other's keys.

@deesapoetra

PKI should connect to a root central authority.
If you just exchange public keys with friends, you don't need a PKI.

@Acer yep. Unless you want someone to vouch for it.
Some PKI like the Ubuntu keyserver provide a comments section, if I'm not mistaken.

@deesapoetra

Someone here = PKI
Ubuntu keyserver = PKI example
Comments section = vouch method example

The example means they have all kinds of means to vouch for keys, but no proof of authenticity and no standard one.

Right?
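The opening question asks how a PKI/CA can tie a public key to a person, and one reply points at the "root central authority" model. The following is an added example, written for this page and not by any participant in the thread. It uses only the Go standard library to build a constructed root CA, have it issue a certificate binding a constructed name (`alice.example`) to a fresh key, and then act as a relying party that trusts only that root. The three checks show what the CA's signature does and does not prove: a chain to a trusted root is accepted, the same name signed by a CA nobody trusts is rejected, and a valid certificate is still rejected for a name it was not issued for. All names, serial numbers and validity periods are assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed root: the "root central authority" that relying
// parties choose to trust. Name and validity window are constructed for the demo.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue is the CA's act of vouching: it signs a certificate that binds
// subjectName to pub. The public key alone says nothing about its owner;
// only the CA's signature over the (name, key) pair does.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subjectName string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subjectName},
		DNSNames:     []string{subjectName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// accepts models the relying party: it trusts only the roots in the pool and
// requires an unbroken signature chain from the leaf to one of them plus a
// name match, so a key is accepted for a name only if a trusted CA said so.
func accepts(roots *x509.CertPool, leaf *x509.Certificate, expectedName string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedName})
	return err
}

// Demo runs the three checks and reports whether each behaved as a PKI should.
func Demo() (trustedOK, rogueRejected, wrongNameRejected bool, err error) {
	trustedCA, trustedKey, err := newCA("Example Trusted Root") // constructed
	if err != nil {
		return
	}
	rogueCA, rogueKey, err := newCA("Rogue Root") // constructed, never added to the pool
	if err != nil {
		return
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)

	// Alice's key pair: the raw public key carries no identity by itself.
	aliceKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	goodLeaf, err := issue(trustedCA, trustedKey, "alice.example", &aliceKey.PublicKey)
	if err != nil {
		return
	}
	trustedOK = accepts(roots, goodLeaf, "alice.example") == nil

	// An untrusted CA can sign the same name for any key; the relying party ignores it.
	rogueLeaf, err := issue(rogueCA, rogueKey, "alice.example", &aliceKey.PublicKey)
	if err != nil {
		return
	}
	var unknown x509.UnknownAuthorityError
	rogueRejected = errors.As(accepts(roots, rogueLeaf, "alice.example"), &unknown)

	// A valid certificate still does not vouch for a name it was not issued for.
	var hostErr x509.HostnameError
	wrongNameRejected = errors.As(accepts(roots, goodLeaf, "bob.example"), &hostErr)
	return
}

func main() {
	ok, rogue, wrong, err := Demo()
	fmt.Println("trusted chain accepted:", ok, "| rogue CA rejected:", rogue, "| wrong name rejected:", wrong, "| err:", err)
}
```

The point of the three checks is that "vouching" in an X.509 PKI is a signature over a name-to-key binding, and the relying party's trust store decides whose signatures count; a certificate from any other signer, or for any other name, proves nothing to that relying party.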

Qoto Mastodon