Re: Key signing, authentication
According to Christian D. Odhner:
>
> Recently there was some discussion about when to sign somebody's public
> key and when not to. Does anybody have a short, to the point set of
> guidelines on when it is ok to sign? I think minimum requirements to sign
> would most likely be receiving that key from the owner both on and off
> the net. That way somebody on the net who is doing man-in-the-middle type
> attacks is thwarted, as is somebody who gives you the key off the net with
> a false net-id. Anyway, I'm sure there's more to it than that, like are
> phone calls ok? I mean, how did you get the # anyway? And what about
> meeting the person in the flesh? How do you know they are the same person
> you talk to on the net? Thinking too much about this could make a person
> .really. paranoid!
Well, I think I started that thread with a query. I got lots of discussion and
summarized the (most conservative) consensus in my .plan file. You can read my
policy by typing finger [email protected]. Hope this helps.
>"The NSA can have my secret key when they pry
>it from my cold, dead, hands... But they shall
>NEVER have the password it's encrypted with!"
I love it! ;^)
>
J. Michael Diehl ;^) |*The 2nd Amendment is there in case the
[email protected] | Government forgets about the 1st! <RL>
[email protected] |*God is a good Physicist, and an even
.fidonet.org | better Mathematician. <Me>
[email protected]|*I'm just looking for the opportunity to
(505) 299-2282 (voice) | be Politicly Incorrect! <Me>
Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703.
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D