Re: Aliases (Re-sent)
-----BEGIN PGP SIGNED MESSAGE-----
I have a question for one of the advocates of using "internet" email
addresses in lieu of distinguished names.

Is firstname.lastname@example.org (cf: Carl's web page) REALLY email@example.com (cf: Carl's
posting to this list)? If so, where would I go to look up the alias
certificate? Will it be in one of firstname.lastname@example.org's signed dns

email@example.com and firstname.lastname@example.org may be used by the same person, but
they are two potentially different roles for Carl (employee-of-CyberCash
vs. member-of-ACM), so they probably should not share keys and should
not be aliased.

If Carl were to leave cybercash, it would not be appropriate for him
to keep use of either the email@example.com address or key, because
persons inside and outside cybercash who were unaware of his departure
might continue to send cybercash-confidential information to him by

When he left, along with the key to his desk and the key to his office,
Carl might also want to turn in the private key part of any
firstname.lastname@example.org keypair which he used for confidentiality, to ensure
that his successor(s) would be able to pick up where he left off.
Naturally, he wouldn't want to turn over a signature key, because he
doesn't want his successor to be able to forge his signature.

I'll note that I have two email addresses I use regularly, and two
different PGP keys:

The latter key is for my personal use, and has never been put on
equipment owned by HP. If I ever leave HP, I'll revoke the former key
and continue using the latter.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----