At 15:30 11/28/95 -0500, Carl Ellison wrote:
BTW -- PGP currently lacks a way for me to note, when I sign a key, how it is that I trust that key (by personal meeting, by attribution, by message association, ...). A signed attribute record would let me record that information for myself as well as for others.
There is more to this problem than how it is that I trust the key. There is also what I trust it for. I just added a key to my key ring that I will use for sending confidental data to a client site. I trust that no one can access the secret key who is not also inside their firewall. However, the key is on a multi-user system, so I do not trust that it is accessable to only one person. Since the data I intend to send will be publicly available inside the firewall, I don't have to trust more than the firewall. It is hard to see how to record the information about how much I trust the receipent's systems security. Bill ----------------------------------------------------------------- Bill Frantz Periwinkle -- Computer Consulting (408)356-8506 16345 Englewood Ave. frantz@netcom.com Los Gatos, CA 95032, USA