
Re: USENIX PGP key signing service



At 02:04 PM 5/30/96 -0700, Wei Dai wrote:

>2.  If you believe entity x owns public key ... then you should believe
>entity x is a competent plumber and charges a reasonable fee for plumbing 
>services.

This can be shortened to:

2'.     I found the owner of public key K to be a competent plumber who
charges a reasonable fee for plumbing services.

Let me put in another plug for a change to PGP to include a small cert datum
in a key ring -- not the present key signature (which is nearly
Meaning-less) but rather a field with:

1.      key (not UserID) being signed
2.      Meaning (like your one sentence), written by the signer
3.      validity date(s)
4.      signing key
5.      signature over (1..3)

The meanings could be:

A:      "I have exchanged encrypted e-mail with the owner of this key at
cme@cybercash.com"

B:      "I know the owner of this key personally, by the nickname Zorak"

Note that (B) gives you all the machinery you need for the content of SDSI.

Note also that (A) does *not* say "the person you have come to know and love
as the fingers behind messages from cme@cybercash.com is really the owner of
key K".
It could, but that takes more work to establish.  After all, it's not
uncommon in the university environment to have multiple people share one
account and therefore one e-mail address.

 - Carl



+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+
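
The five-field cert datum described in the message above, sketched in Python as an added illustration; it is not part of the original message and is not PGP's key-ring format. Assumptions: toy textbook RSA over SHA-256 with constructed, insecure keys built from known Mersenne primes, a length-prefixed encoding of fields 1..3, constructed validity dates, and hypothetical function names.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by the toy keys

def toy_key(a, b):
    """Constructed, INSECURE RSA key from known Mersenne primes 2**a-1, 2**b-1."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def key_id(n):
    """Name a key by a hash of the key material itself, never by a UserID."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def signed_bytes(subject, meaning, not_before, not_after):
    """Length-prefix fields 1..3 so distinct field sets never serialize alike."""
    out = b""
    for field in (subject, meaning, not_before.isoformat(), not_after.isoformat()):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_cert(signer, subject_n, meaning, not_before, not_after):
    subject = key_id(subject_n)
    body = signed_bytes(subject, meaning, not_before, not_after)
    return {
        "subject": subject,                      # 1. key (not UserID) being signed
        "meaning": meaning,                      # 2. Meaning, written by the signer
        "validity": (not_before, not_after),     # 3. validity date(s)
        "signer_n": signer["n"],                 # 4. signing key (not under the signature)
        "sig": pow(digest_int(body), signer["d"], signer["n"]),  # 5. over 1..3
    }

def verify_cert(cert, today):
    """True only if the signature covers these exact fields and today is in range."""
    not_before, not_after = cert["validity"]
    body = signed_bytes(cert["subject"], cert["meaning"], not_before, not_after)
    sig_ok = pow(cert["sig"], E, cert["signer_n"]) == digest_int(body)
    return sig_ok and not_before <= today <= not_after

SIGNER, SUBJECT = toy_key(521, 607), toy_key(89, 127)   # constructed demo keys
CERT = make_cert(SIGNER, SUBJECT["n"],
                 "I know the owner of this key personally, by the nickname Zorak",
                 date(1996, 6, 1), date(1997, 6, 1))     # constructed dates
```

Because the signature covers only fields 1..3, a verifier still has to decide separately whether it trusts the signing key named in field 4.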