[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: yet another <auth> type
At 06:41 AM 2/21/97 -0500, Carl Ellison wrote:
>It makes sense to issue an SPKI cert for the statement:
>"The subject keyholder (K1) is the same person as the keyholder of (K2),
> on <date>."
>This allows someone to start a service by which someone can map
>old keys to new ones.
You don't need a service, though perhaps you need a syntax.
If you have a statement saying
"There is at least one holder of both K1 and K2 on <date>"
signed by both K1 and K2, it carries as much information as a service
could actually verify, e.g. either one person walked up to the counter
and demonstrated the ability to sign with both keys, or the service sent
email to the addresses used by the two keyholders and received
signed responses. Is there some other meaning that you can't get by
do-it-yourself signing? The interesting cases are when more than
one person or email address has one of the keys....
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 firstname.lastname@example.org
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)