[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Secure key exchange

To: [email protected]
Subject: Secure key exchange
From: Eric Hughes <[email protected]>
Date: Mon, 30 Nov 92 09:21:39 -0800
In-Reply-To: Edgar W. Swank's message of Sat, 28 Nov 92 07:17:24 PST <[email protected]>


>There is no secure method of exchanging public keys using only the
>net.  [spoofing, etc.]

As mentioned by Hal, the new PGP 2.1 (imminent) has a feature to
create an hash or a public key which can be read over the telephone to
make sure that a key transmitted electronically has not been altered
in transmission.

>[long business description deleted]

There's really no need for a physical authentication service with the
telephone verfication ability.

>Plan B is to exchange/verify public keys face-to-face at parties,

There is just such a plan underway to have a PGP key exchange table at
Usenix in January.

>I have printed up business-card
>size copies of *fragments* of my public keys with the 6-hex-digit
>"Key ID".  

What could easily be printed is the hash function of the key.  That
would be even harder to duplicate.

Eric

Follow-Ups:
- Secure key exchange
  - From: [email protected] (Perry E. Metzger)

References:
- Re: Secure key exchange
  - From: [email protected] (Edgar W. Swank)

Prev by Date: Re: The Cypherpunks Mail Project
Next by Date: Secure Key exchange
Prev by thread: Re: Secure key exchange
Next by thread: Secure key exchange
Index(es):
- Date
- Thread