To: Tom Jennings
?? Huh? I don't understand what you're pointing out. If I send you my
tj>> I am considering becoming and "introducer" for parts of FidoNet. I can't seem to get past the problems of how to assign reliability to public keys I receive over an unsecured email channel to begin with. No other method is practical. << public key -- even if I cc: dockmaster -- what does it matter that the NSA knows my public key (unoless they want to send me msgs, too)? << Not my worry. What I meant was, how do I know htat the keyfile I received from "John Smith @ net address" really is his, and not some faker. Short of physically getting key disks from someone face to face (flatly im-possible here), I don't know. The assurance of course is the social system: if someone sends me a message and keyfile, "here's my file, my name is Eric Hughes", and I distribute it... I can think of no way to prevent this, other than let a social system detect and repair -- "HEY THATS NOT ME!!!" form the 'real' you would raise a flag... and an audit trail at the introducers site (dangerous...!) might help. Anyhoo, that's what I meant. --- RM version 0.-1 (watch out) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG