[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Good Enough?

To: Kevin L Prigge <[email protected]>
Subject: Re: Good Enough?
From: Derek Atkins <[email protected]>
Date: Tue, 14 Nov 1995 16:24:32 EST
Cc: [email protected]
In-Reply-To: Your message of "Tue, 14 Nov 1995 14:13:54 CST." <[email protected]>
Sender: [email protected]

Hi.

First, I must warn you that generating keys on behalf of users is in
general a very bad thing to do.  Instead, you might want to provide a
simple way for users to generate keys and get them certified.  The
biggest problem is that there is not an easy way to get a good set of
random numbers on a server platform.  On the other hand, users can get
a great deal of randomness on their own client machines.  If they can
run netscape, then they can run PGP.

Second, you might want to look at a paper that Jeff Schiller and I
wrote for the 1995 Usenix conference on scaling the web of trust.
The paper is available off my home page or via ftp:
	toxicwaste.mit.edu:/pub/pgpsign/scaleweb.{txt,PS}

The sources to the keysigner are also in the same directory.

Hope this helps.

-derek

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       [email protected]    PP-ASEL     N1NWH    PGP key available

References:
- Good Enough?
  - From: Kevin L Prigge <[email protected]>

Prev by Date: Repeated Words/characters in Password/Phrase
Next by Date: data compression
Prev by thread: Good Enough?
Next by thread: Re: Good Enough?
Index(es):
- Date
- Thread