[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
re: Nuts & Acorns
> To: Tom Jennings
I am considering becoming and "introducer" for parts of FidoNet. I
can't seem to get past the problems of how to assign reliability to
public keys I receive over an unsecured email channel to begin with.
No other method is practical.
Huh? I don't understand what you're pointing out. If I send you my
public key -- even if I cc: dockmaster -- what does it matter that the
NSA knows my public key (unoless they want to send me msgs, too)?
Not my worry. What I meant was, how do I know htat the keyfile I
received from "John Smith @ net address" really is his, and not some
faker. Short of physically getting key disks from someone face to
face (flatly im-possible here), I don't know.
The assurance of course is the social system: if someone sends me a
message and keyfile, "here's my file, my name is Eric Hughes", and I
I can think of no way to prevent this, other than let a social system
detect and repair -- "HEY THATS NOT ME!!!" form the 'real' you would
raise a flag... and an audit trail at the introducers site
(dangerous...!) might help.
Anyhoo, that's what I meant.
--- RM version 0.-1 (watch out)
Tom Jennings - via FidoNet node 1:125/555
INTERNET: [email protected]