AW: Robot CA at toehold.com
Fri Dec 6 18:00:03 2002
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Dec 06, 2002 at 10:37:28AM -0600, Kyle Hasselbacher wrote:
>>Of course, requirements here are
>> - a db of the uids that have been signed.
>> - publication of the key with revoked signatures.
>If I keep a list of UIDs that I've signed, I'd have to check the key
>servers to see which actually have my signature before I start challenging
>them. Just a detail.
On second thought, I'd rather expire signatures and make people get new
ones. If your service goes away and stops challenging the users, then the
signatures hang around forever. I'd rather they all expire forever.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----