Key signing, authentication
J. Michael Diehl
mdiehl at triton.unm.edu
Mon Sep 6 13:51:26 PDT 1993
According to Christian D. Odhner:
>
> Recently there was some discussion about when to sign somebody's public
> key and when not to. Does anybody have a short, to the point set of
> guidelines on when it is ok to sign? I think minimum requirements to sign
> would most likely be receiveing that key from the owner both on and off
> the net. That way somebody on the net who is doing man-in-the-middle type
> attacks is thwarted, as is somebody who gives you the key off the net with
> a false net-id. Anyway, I'm sure there's more to it than that, like are
> phone calls ok? I mean, how did you get the # anyway? And what about
> meeting the person in the flesh? How do you know they are the same person
> you talk to on the net? Thinking too much about this could make a person
> .realy. paranoid!
Well, I think I started that thread with a query. I got lots of discussion and
summarized the (most conservative) concensus in my .plan file. You can read my
policy by typing finger mdiehl at triton.unm.edu. Hope this helps.
>"The NSA can have my secret key when they pry
>it from my cold, dead, hands... But they shall
>NEVER have the password it's encrypted with!"
I love it! ;^)
>
J. Michael Diehl ;^) |*The 2nd Amendment is there in case the
mdiehl at triton.unm.edu | Government forgets about the 1st! <RL>
Mike.Diehl at f29.n301.z1 |*God is a good Physicist, and an even
.fidonet.org | better Mathematician. <Me>
al945 at cwns9.ins.cwru.edu|*I'm just looking for the opportunity to
(505) 299-2282 (voice) | be Politicly Incorrect! <Me>
Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703.
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D
More information about the cypherpunks-legacy
mailing list