Robot CA at toehold.com
Kyle Hasselbacher
kyle@toehold.com
Thu Dec 5 11:16:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Looking through Google, I found a thread here from a few months back that
mentions the concept of a "Robot CA". It's basically certificate authority
that verifies only the email address on a key.
I've created such a beast. There's information on it here:
http://www.toehold.com/robotca/
Perl source is available. I also wrote a more descriptive article for
kuro5hin.org, which you can find here:
http://www.kuro5hin.org/story/2002/11/18/135727/66
I'm interested to hear opinions on this. In particular, my robot does not
do a challenge/response the way it's usually assumed. It just signs the
key and sends it to the address in the key ID. I rely on delivery failure
to eliminate the bad signatures.
- --
Kyle Hasselbacher
kyle@toehold.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE97lc110sofiqUxIQRAlQnAJ4jfbztD603S1YN84+GEVzob4p2tQCfQM6o
lRgiqdkQn1zEs4acHGP3zBk=
=lY/s
-----END PGP SIGNATURE-----