discussion on increasing amount of gpg signatures...
Owen Blacker
owen@flirble.org
Sat Oct 13 22:09:02 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Florian Weimer wrote (2001-10-13 T 20:55 +0200):
>
> > > Verifying that the key holder has control of the key's e-mail
> > > address isn't part of many key signing party verification
> > > procedures, especially less formal ones.
> >
> > This is extremely true. One way to ameliorate this is to use a
> > challenge-response pair for each e-mail address on the key.
>
> IIRC, the most obvious challenge-response protocol (and the most
> sensible one) for certifying keys has been patented, and I don't
> know if the extension to cover (multiple) email addresses is enough
> to bypass this patent. (Just in case if you want to do this more
> regularly.)
Patented where. We're not all in the same jurisdictions here... :)
x
- --
Owen Blacker | Senior Software Developer and InfoSecurity Consultant
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9
- --
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety --Benjamin Franklin, 1759
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7yJ7DZHViOT4gVrkRAi5aAKC+uV/wLjvBuDLrw0TjndZjUHKSmwCdH1Om
QEozV2dCBM8JegDqmkyKwcg=
=3Eiv
-----END PGP SIGNATURE-----