At 9:27 PM -0700 10/27/05, cyphrpunk wrote:
> Every key has passed through dozens of hands before you get to see it. What are the odds that nobody's fucked with it in all that time? You're going to put that thing in your mouth? I don't think so.
So, as Carl Ellison says, get it from the source. Self-signing is fine, in that case. "Certificates", CRLs, etc., become more and more meaningless as the network becomes more geodesic.
> Using certificates in a P2P network is like using a condom. It's just common sense. Practice safe cex!
Feh. You sound like one of those newbs who used to leave the plastic wrap on his 3.5" floppy so he wouldn't get viruses...

Cheers,
RAH

What part of "non-hierarchical" and "P2P" do you not understand?

--
-----------------
R. A. Hettinga <mailto:rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'