Robot CA at toehold.com
Huels, Ralf SCORE
Thu Dec 5 12:27:02 2002

> I'm interested to hear opinions on this. In particular, my
> robot does not do a challenge/response the way it's usually
> assumed. It just signs the key and sends it to the address
> in the key ID. I rely on delivery failure to eliminate the
> bad signatures.

Hmmm. Your robot appears to sign each UID separately and
apparently it has just quietly declined to sign a test key
with a non-selfsigned UID that I submitted.

That takes care of the two problems that I thought such a system
might have. Still, I would like the idea of encrypting the
signed key material with the key itself before sending it back
so that even in case of some misdirection only the key owner
can publicize the certificate.
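
The flow discussed in this message (certify each UID separately, then encrypt the result to the submitted key before mailing it), as an added example that is not the toehold.com robot's code and not from either poster. It assumes GnuPG 2.2 or later; the helper names `g`, `robot_certify` and `demo` are hypothetical, and all keys and addresses are constructed.

```shell
#!/bin/sh
# Added illustration; every key, name and address below is constructed.
set -eu

# gpg against a throwaway homedir, non-interactive, unprotected test keys
g() { h=$1; shift
      gpg --homedir "$h" --batch --quiet --pinentry-mode loopback \
          --passphrase '' "$@" </dev/null; }

# robot_certify ROBOT_HOME KEYFILE FPR OUTDIR
robot_certify() {
  robot=$1 keyfile=$2 fpr=$3 out=$4
  # gpg's default import drops UIDs that lack a valid self-signature,
  # so such UIDs never reach the signing loop.
  g "$robot" --import "$keyfile"
  g "$robot" --with-colons --list-keys "$fpr" | awk -F: '$1=="uid"{print $10}' |
  while IFS= read -r uid; do
    addr=$(printf '%s\n' "$uid" | sed -n 's/.*<\([^>]*\)>.*/\1/p')
    [ -n "$addr" ] || continue
    g "$robot" --quick-sign-key "$fpr" "=$uid"        # certify this UID only
    g "$robot" --export-filter "keep-uid=mbox = $addr" \
       --output "$out/$addr.cert" --export "$fpr"      # key plus that one UID
    # Encrypt to the submitted key: a misdelivered mail is unreadable, so
    # only the holder of the private key can publish the certification.
    g "$robot" --trust-model always --armor --recipient "$fpr" \
       --output "$out/$addr.asc" --encrypt "$out/$addr.cert"
    rm -f "$out/$addr.cert"                            # mail only the .asc
  done
}

# demo: build a robot key and a two-UID user key, run the robot,
# and print the working directory
demo() {
  tmp=$(mktemp -d); user=$tmp/u; robot=$tmp/r
  mkdir -m 700 "$user" "$robot"; mkdir "$tmp/out"
  g "$robot" --quick-generate-key 'Robot CA <robot@example.org>' default default never
  g "$user" --quick-generate-key 'Alice <alice@example.org>' default default never
  fpr=$(g "$user" --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}')
  g "$user" --quick-add-uid "$fpr" 'Alice <alice@example.net>'
  g "$user" --armor --output "$tmp/alice.asc" --export "$fpr"
  robot_certify "$robot" "$tmp/alice.asc" "$fpr" "$tmp/out" >&2
  echo "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Each `OUTDIR/<address>.asc` is what would be mailed to that address; an address that bounces or is misrouted yields nothing usable without the private key.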