[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
Don M. Kitchen writes:
> > If we are forced to exchange keys remotely, then perhaps some sort of
> > "proof" techniques could be used to establish to some level of
> > assurance that the remote entity I *think* is you is really you. Or
> So who is Pr0duct Cypher then? And why should I have to produce ID saying
> my name is Don, unless I'm proving my Real Name[tm] is Don.
Right. If we're forced to exchange keys remotely, I just have to deal
with the possibility that I'm being spoofed.
> > you could provide me with a key, and then I could poll a list of
> > references to inquire as to the "goodness" of the key. This seems to
> But there's no way to prove that there's no MITM. But "middle" is a
> subjective term.
Yes, that's why I put "proof" in quotes. I guess I meant "demonstrate
to a personally sufficient level of satisfaction".
| Nobody's going to listen to you if you just | Mike McNally ([email protected]) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |