
Re: [email protected] service



-----BEGIN PGP SIGNED MESSAGE-----

To: [email protected]
cc: [email protected]
Subject: Re: [email protected] service 

> No offense, but what's the point?  What's next, automated key-signing
> services?  Is this just intended to help people who can't sign easily

Actually, I've already written an automated key signing service.  It
is called PGPSign, and it uses Kerberos authentication to verify a
request to sign a PGP key.  It will match the Kerberos identity with
the PGP UserID, and given some equivalence (which is a fuzzy thing to
explain right now), it will either sign the key or refuse to sign the
key.

Jeff Schiller and I have written a paper which will be presented at
the Winter Usenix conference on the topic, and we plan to make the
code available, once I write some documentation for it!

There is a good point to this.  We are using the already-in-place
Kerberos Infrastructure to generate an MIT Certification Authority.
The MIT CA is a loose authorization, meaning that it assumes that only
you have your password.  This solves the PGP web problem of needing
everyone to sign everyone else's key.  We plan to make the MIT
Keysigner key widely distributed, and ask that everyone trust that key
to sign other keys.

- -derek

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBuAwUBLt906Th0K1zBsGrxAQEAGgLEDjk8s0CSXZULuhrytEQYhiWFA++qwzZE
xMedY2vXFNUOkOzxoYwTpTopYUUOAse3bbPLtSfJYJAjnQtxetUiHBH/JmryXu6W
Upu9KNqLZyotVJQarTOvxUA=
=Nsm2
-----END PGP SIGNATURE-----