[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: Nuts & Acorns

 > To: Tom Jennings
I am considering becoming and "introducer" for parts of FidoNet. I
can't seem to get past the problems of how to assign reliability to
public keys I receive over an unsecured email channel to begin with.
No other method is practical.
Huh?  I don't understand what you're pointing out.  If I send you my
public key -- even if I cc: dockmaster -- what does it matter that the
NSA knows my public key (unoless they want to send me msgs, too)? 

Not my worry. What I meant was, how do I know htat the keyfile I
received from "John Smith @ net address" really is his, and not some
faker. Short of physically getting key disks from someone face to
face (flatly im-possible here), I don't know.

The assurance of course is the social system: if someone sends me a
message and keyfile, "here's my file, my name is Eric Hughes", and I
distribute it...

I can think of no way to prevent this, other than let a social system
detect and repair -- "HEY THATS NOT ME!!!" form the 'real' you would
raise a flag... and an audit trail at the introducers site
(dangerous...!) might help.

Anyhoo, that's what I meant.
--- RM version 0.-1 (watch out)
Tom Jennings - via FidoNet node 1:125/555
    UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings
INTERNET: [email protected]