[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure Key exchange

   Date: Mon, 30 Nov 92 08:32:45 EST
   From: [email protected] (Pat Farrell)

   I sign keys only when I am certian that the key belongs to the human who
   claims to have the name on the key. There are not a lot of keys signed
   by me floating arround, maybe six total.....

Ah, but how do we know that it's really you making this statement, and
not some evil NSA spoofer?  What people need to do is to make their
key-signinging policies available _signed_ with their private key; that
way at least we would know that the entity signing the keys and the
entity claiming that this is its policy are the same.  This helps, but
we would then still need to trust that the entity is telling the truth
insofar as its key-signing policy is concerned.

						- Ted