[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Senator Leahy, your public key please?



From:	IN%"[email protected]"  "Bill Stewart" 20-MAY-1996 03:34:34.06

>While I agree that keyservers don't need to validate keys - that's a
>job for the web of trust, and the keyserver-admin could sign keys
>if he/she/it wanted to - it may make sense for the keyservers to only 
>accept keys in messages signed by the key itself.  (Just signing the key
>doesn't help much here; you need to sign the key-plus-signatures.)
>Does it make sense to include some similar capability in PGP itself?

	I would suggest that the keyserver should simply keep track (via
keeping the signatures) of which signatures were with the key holder's
permission (signed by the key holder) and which aren't. This won't be necessary
for mutually-signing keys, of course.
	-Allen