Robot CA at

Per Tunedal
Fri Dec 6 10:53:02 2002

At 11:13 2002-12-05 -0500, you wrote:
 >On Thu, Dec 05, 2002 at 02:09:58PM +0100, Michael Nahrath wrote:
 >> Verifying nothing but mail adresses can be valid for a limited time.
 >> Mail addresses cange more often than real-life-identities.
 >> Your signature should reflect this in some way.
 >> Either you give signatures that expire after a certain time (eg 6 months).
 >> I don't know if this is possible and if it doesn't raise a bunch of
 >> compatibility problems.
 >> Or you let the signing key expire (eg after 1 year).
 >Better to expire the signatures themselves.  If you expire your
 >signing key, then everyone will have to get their key re-signed.

I agree. Otherwise the CA-service would be useless.

 >> Important:
 >> IMHO one encrypted communication path is mandatory. That would verify that
 >> the holder of the mail address is also in posess of the secret key and the
 >> passphrase.
 >Yes, but it doesn't have to be encrypted.  Signatures are made on the
 >primary key, which is (99.9% of the time) a key that can sign.  You
 >can do the same thing by sending a challenge and asking for it to be
 >signed.  This is what I did with

Agree! It is important to have the ability to sign signingkeys. Otherwise 
the service would be useless in an automated environment (invisible GUI).

 >Note also that OpenPGP defines multiple signature verification
 >levels.  I've argued in the past, and continue to argue now that any
 >automated signer should use 0x11 "persona" signatures as a hint that
 >this is an unusual signature.

0x11 means "I have not checked at all"? Then its the best choice.

Per Tunedal