Scott Colins writes:
In the software I used (as recently as last Thursday) the keys are _absolutely_, _positively_ generated locally. Subsequently the public key can be
mailed automagically to RSADSI to be incorporated into a certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
which is returned to you. The latest version of RIPEM Mac uses the same procedure for the same functionality.

Well, what keeps people from making keys with somebody else's name/user id on them and sending them in to be certified? Where is the authentication from the key certifier's point of view?

Just wondering.

Happy Hunting, -Chris.
______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner@indirect.com        | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
"If guns are outlawed, only the government will have guns." -E. Abbey
My opinions are shareware. For a registered copy, send me 15$ in DigiCash.
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------