[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Good Enough?


First, I must warn you that generating keys on behalf of users is in
general a very bad thing to do.  Instead, you might want to provide a
simple way for users to generate keys and get them certified.  The
biggest problem is that there is not an easy way to get a good set of
random numbers on a server platform.  On the other hand, users can get
a great deal of randomness on their own client machines.  If they can
run netscape, then they can run PGP.

Second, you might want to look at a paper that Jeff Schiller and I
wrote for the 1995 Usenix conference on scaling the web of trust.
The paper is available off my home page or via ftp:

The sources to the keysigner are also in the same directory.

Hope this helps.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       [email protected]    PP-ASEL     N1NWH    PGP key available