Not via keys/passwords. but via some other known attributes. Which, interestingly, is the way most of us do it in ordinary daily life with friends/family/co-workers/etc. So IF you have a prior "relationship" with someone (emails over several years maybe) this is quite likely to be a more reliable verification process than checking some key which may have been stolen or simply given away.