Secure Key exchange

Pat Farrell pfarrell at cs.gmu.edu
Mon Nov 30 05:33:16 PST 1992



Bob Stratton suggests we hash out ideas on key signing protocols. Ok, here
is what I do:

I sign keys only when I am certain that the key belongs to the human who
claims to have the name on the key. There are not a lot of keys signed
by me floating around, maybe six total. My sig does not mean that the
key is not owned by a cop or NSA/CIA/KGB agent (Unlike Edgar's service) 
because I can't tell. So if you care about that stuff, start your
own web of trust with "higher" standards. My sign doesn't mean
that the person is really who they claim to be, I can't tell
that either. I've signed the key of a guy claiming to be "Ray
Kaplan" because I believe that he uses that name regularly.
But I don't know that his name isn't really Boris Badinov.

You won't find my sig on Phil Zimmermann's key,
even tho that is a popular activity. Phil is a Net/Ether
person to me. My sig means that there is a real person with 
that name. I was at NCSC and exchanged keys there. I'll be
at CFP-3 and exchange keys there too. And if you are in my
area (suburban Wash DC), we can meet and exchange keys.

I see no reason to hurry. A slowly growing web of trust that
is strong is far more useful than an exploding web of trash.

Pat

Pat Farrell,      Grad Student                       pfarrell at cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer
Write PKP. Offer money for a personal use license for RSA.






