> > The question of a global PKI is to remove anonymity. You can trace back
> > to a real person (legal person) from the certificate. Who can offer
>
> No. You can trace back to the fact that the signed data was at the same
^
a hash of
> place as the private key, at the same time. It most certainly does *not*
> prove that a given person intentionally signed it.
I've seen people *who operate CAs* lose sight of the fact that it's
the hash that's signed, not the full data.