
Re: Looking up keys by email address



-----BEGIN PGP SIGNED MESSAGE-----

Hal,

	this will be much more clear in the new draft.  The old one was written 
before we fully digested SDSI.  The answer is that one looks up keys for 
e-mail purposes by SDSI name.  That's the only one meaningful to you.

	If the e-mail address is the name you care to use, then you need to go to 
the authoritative source for such bindings: DNSSEC.  There should be no 
problem planting SPKI certs in a DNSSEC record -- but the important thing 
here is that if you want to map from e-mail name to key, you need the cert 
issued by an authority on that name -- and that's someone in the DNS hierarchy.

	In general, though, you should probably define your own nicknames (SDSI 
names) for people you know and want to send confidential mail to, and 
generate your own NAME certificates for them (or just hold the <name,key> 
bindings in a tamper-proof local database).  You could then go from those 
nicknames not only to a known good key but also to an e-mail address.

	Does this answer your question?

- - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
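
An added example, not part of the original message: a minimal sketch of the locally held <name,key> database described above, where each nickname you define maps to a key and an e-mail address. It assumes HMAC-SHA256 as the integrity mechanism, which makes the store tamper-evident rather than tamper-proof, and assumes the MAC key is kept outside the database; the class name, nickname, fingerprint strings and address are all constructed for illustration.

```python
import hashlib
import hmac
import json


class NameStore:
    """Local nickname -> (key fingerprint, e-mail) bindings, sealed with an HMAC."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key      # assumption: stored apart from the bindings
        self.bindings = {}           # nickname -> {"key": ..., "email": ...}
        self.seal = self._compute_seal()

    def _compute_seal(self) -> str:
        # Canonical serialisation so identical bindings always give the same MAC.
        blob = json.dumps(self.bindings, sort_keys=True,
                          separators=(",", ":")).encode()
        return hmac.new(self._mac_key, blob, hashlib.sha256).hexdigest()

    def _verify(self) -> None:
        if not hmac.compare_digest(self.seal, self._compute_seal()):
            raise ValueError("name store failed integrity check")

    def bind(self, nickname: str, key_fingerprint: str, email: str) -> None:
        # Refuse to extend a store that has already been altered.
        self._verify()
        self.bindings[nickname] = {"key": key_fingerprint, "email": email}
        self.seal = self._compute_seal()

    def lookup(self, nickname: str):
        # The nickname is the only index: key and address both hang off it.
        self._verify()
        entry = self.bindings[nickname]
        return entry["key"], entry["email"]


def demo():
    store = NameStore(mac_key=b"constructed-demo-key")
    store.bind("alice", "CONSTRUCTED-FPR-0001", "alice@example.org")
    good = store.lookup("alice")
    # Simulate the stored data being changed without going through bind().
    store.bindings["alice"]["key"] = "CONSTRUCTED-FPR-9999"
    try:
        store.lookup("alice")
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return good, tamper_detected


if __name__ == "__main__":
    print(demo())
```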

