[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: public key transfer problem.
On Thu, 11 Feb 1999, Stuart Jacobs wrote:
> Regardless of how you obtain a subject's public key, how do you know that
> the public key you are about to use actually belongs to the intended
> recipient? I suggest that the only way any public key can be used is by
> first having validated the key via a trusted third party in a formal web of
> trust (Certificate Authority and PKI) or by direct communication with the
> key owner for an informal web of trust (ala PGP).
Or by using Secure DNS -- again, see RFC 2065. Agreed that this is an
issue, but in general there's a solution for each possible access route.
Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)
References: