Robot CA at

Kyle Hasselbacher
Thu Dec 5 18:42:02 2002

Hash: SHA1

On Thu, Dec 05, 2002 at 10:54:47AM -0500, Jason Harris wrote:

>A postmaster could also generate bogus keys (key pairs) and get them
>signed, so it all depends on your threat model.

It's true that anyone who can intercept your email can generate a
bogus-but-signed key.  Challenge/response systems have the same problem,
however.  In a sense, if the attacker can intercept the victim's email, the
verification is working--the attacker DOES have access to that email
address, and that's all the robot is trying to find out.  From the robot's
point of view, there's no difference between this and two (or more) people
who legitimately and knowingly share an email address.

>Does anyone else want to see the signatures from this CA be 0x11/persona
>signatures (besides me)?

Yes.  I didn't do it because I was put off by GnuPG's "I have done no
verification" description.  It does SOME verification, just not a lot.
Since I'm seeing multiple people suggest this, I'll probably do it this way
in the near future.
- -- 
Kyle Hasselbacher           The future isn't what it used to be.                         -- Arthur C. Clarke
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see