Robot CA at

Jason Harris
Thu Dec 5 16:54:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 05, 2002 at 08:43:44AM -0500, David Shaw wrote:
> On Wed, Dec 04, 2002 at 01:27:49PM -0600, Kyle Hasselbacher wrote:

> >

> > I'm interested to hear opinions on this.  In particular, my robot does =
> > do a challenge/response the way it's usually assumed.  It just signs the
> > key and sends it to the address in the key ID.  I rely on delivery fail=
> > to eliminate the bad signatures.

> I think this is not terribly safe - as "postmaster" for a few sites, I
> know that I get a lot of bounces that would surprise the users the
> mail was intended for.  An unscruplous postmaster could also get the
> signed keys from the mail spool and abuse them.  The only way to be
> totally safe is to never generate a signature unless you intend it to
> be used.

A postmaster could also generate bogus keys (key pairs) and get them
signed, so it all depends on your threat model.

Encrypting the signed key to the key, as someone else mentioned, will
make sure that only the private key holder can extract/use the signature.
This is (probably) as secure as you're likely to get without further human

Does anyone else want to see the signatures from this CA be 0x11/persona
signatures (besides me)?

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it? | web:

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (FreeBSD)