Robot CA at toehold.com
Olaf Gellert
gellert@arasca.de
Fri Dec 6 09:17:03 2002
Hi,
On Wed, Dec 04, 2002 at 01:27:49PM -0600, Kyle Hasselbacher wrote:
> I'm interested to hear opinions on this. In particular, my robot does not
> do a challenge/response the way it's usually assumed. It just signs the
> key and sends it to the address in the key ID. I rely on delivery failure
> to eliminate the bad signatures.
Hmmm... The keys you send may find their way to the
sender on another way (eg postmaster) so it may not
be enough to verify the email address...
And of course (as mentioned in some other mail) you should
only sign the uids containing this special email-address.
This is a funny idea, though I am not sure if I would
trust the signature of your CA (but it may help in my
decision)...
Cheers, Olaf
--
Olaf Gellert _ - __o
gellert@arasca.de _- _`\<,_
http://www.arasca.de/olaf/ - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
-- Bertrand Russell
----------------------------------------------------------------------