discussion on increasing amount of gpg signatures...

Owen Blacker owen@flirble.org
Sat Oct 13 22:09:02 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Weimer wrote (2001-10-13 T 20:55 +0200):

>
> > > Verifying that the key holder has control of the key's e-mail
> > > address isn't part of many key signing party verification
> > > procedures, especially less formal ones.
> >
> > This is extremely true. One way to ameliorate this is to use a
> > challenge-response pair for each e-mail address on the key.
>
> IIRC, the most obvious challenge-response protocol (and the most
> sensible one) for certifying keys has been patented, and I don't
> know if the extension to cover (multiple) email addresses is enough
> to bypass this patent. (Just in case if you want to do this more
> regularly.)
Patented where. We're not all in the same jurisdictions here... :) x - -- Owen Blacker | Senior Software Developer and InfoSecurity Consultant See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9 - -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety --Benjamin Franklin, 1759 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7yJ7DZHViOT4gVrkRAi5aAKC+uV/wLjvBuDLrw0TjndZjUHKSmwCdH1Om QEozV2dCBM8JegDqmkyKwcg= =3Eiv -----END PGP SIGNATURE-----