Key signing, authentication

Christian D. Odhner cdodhner at indirect.com
Mon Sep 6 07:16:19 PDT 1993


Recently there was some discussion about when to sign somebody's public
key and when not to. Does anybody have a short, to the point set of
guidelines on when it is ok to sign? I think minimum requirements to sign
would most likely be receiveing that key from the owner both on and off
the net. That way somebody on the net who is doing man-in-the-middle type
attacks is thwarted, as is somebody who gives you the key off the net with
a false net-id. Anyway, I'm sure there's more to it than that, like are
phone calls ok? I mean, how did you get the # anyway? And what about
meeting the person in the flesh? How do you know they are the same person
you talk to on the net? Thinking too much about this could make a person
.realy. paranoid!
______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner at indirect.com	     | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
My opinions are shareware. To register your copy, send me 15$ in DigiCash.
  Key fingerprint =  58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11 
------------------------------------------------------------------------------






More information about the cypherpunks-legacy mailing list