Senator Leahy, your public key please?
E. ALLEN SMITH
EALLENSMITH at ocelot.Rutgers.EDU
Wed May 22 01:14:46 PDT 1996
From: IN%"stewarts at ix.netcom.com" "Bill Stewart" 20-MAY-1996 03:34:34.06
>While I agree that keyservers don't need to validate keys - that's a
>job for the web of trust, and the keyserver-admin could sign keys
>if he/she/it wanted to - it may make sense for the keyservers to only
>accept keys in messages signed by the key itself. (Just signing the key
>doesn't help much here; you need to sign the key-plus-signatures.)
>Does it make sense to include some similar capability in PGP itself?
I would suggest that the keyserver should simply keep track (via
keeping the signatures) of which signatures were with the key holder's
permission (signed by the key holder) and which aren't. This won't be necessary
for mutually-signing keys, of course.
-Allen
More information about the cypherpunks-legacy
mailing list