-----BEGIN PGP SIGNED MESSAGE-----

To: dmandl@bear.com
cc: cypherpunks@toad.com
Subject: Re: Cypherpunks@hks.net service

No offense, but what's the point? What's next, automated key-signing services? Is this just intended to help people who can't sign easily

Actually, I've already written an automated key signing service. It is called PGPSign, and it uses Kerberos authentication to verify a request to sign a PGP key. It will match the Kerberos identity with the PGP UserID, and given some equivalence (which is a fuzzy thing to explain right now), it will either sign the key or refuse to sign the key.

Jeff Schiller and I have written a paper which will be presented at the Winter Usenix conference on the topic, and we plan to make the code available, once I write some documentation for it!

There is a good point to this. We are using the already-in-place Kerberos Infrastructure to generate an MIT Certification Authority. The MIT CA is a loose authorization, meaning that it assumes that only you have your password. This solves the PGP web problem of needing everyone to sign everyone else's key. We plan to make the MIT Keysigner key widely distributed, and ask that everyone trust that key to sign other keys.

- -derek

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBuAwUBLt906Th0K1zBsGrxAQEAGgLEDjk8s0CSXZULuhrytEQYhiWFA++qwzZE
xMedY2vXFNUOkOzxoYwTpTopYUUOAse3bbPLtSfJYJAjnQtxetUiHBH/JmryXu6W
Upu9KNqLZyotVJQarTOvxUA=
=Nsm2
-----END PGP SIGNATURE-----