AW: Robot CA at

Adrian 'Dagurashibanipal' von Bidder
Sat Dec 7 12:43:02 2002

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

[no cc:s please - no, my MUA can't set custom headers :-( ]
On Fri, 2002-12-06 at 17:37, Kyle Hasselbacher wrote:
> Hash: SHA1
> On Fri, Dec 06, 2002 at 10:38:01AM +0100, Adrian 'Dagurashibanipal' von B=
idder wrote:
> >Yes. IMHO the robotCA should=20
> > - only sign uids consisting of an email adress *only* (no realname, no
> >comment). Yes, people would have to get an additional uid, so what. But
> >then anyone looking at the key can see what was certified.
> > - with 0x11 signature (I see you're going to do that, good).
> > - add a policy URL
> > - have, as Ralf said, a uid comment warning that only the email address
> >has been checked on the signing key.
> If I never sign a UID with a real name or comment (only email address),
> then I don't need to yell so loud (or at all) that that's all I'm
> checking--that's all there is to check.

You'll still need to yell. And most people still wouldn't know or care
about the meaning of it. But with the Granny scenario, it wouldn't
matter much, I agree with you in this point.

> The down side to doing that is, there aren't so many keys that have just
> that.  People have to make a special UID to get signed.  I'd rather work
> with what's there now.  That having been said, I certainly see the securi=
> advantage to doing it your way.

Hmmm. In the Granny scenario, I guess most people would generate the
first key in their life. And if it's integrated in a MUA installer, then
the key could be generated that way.

> Ultimately I'd like to be merely the first of many robot CAs that run.  I=
> others want to have a different (better?) policy on what they sign, I'd
> encourage that.
> [periodic challenges]
> >Of course, requirements here are
> > - a db of the uids that have been signed.
> > - publication of the key with revoked signatures.
> If I keep a list of UIDs that I've signed, I'd have to check the key
> servers to see which actually have my signature before I start challengin=
> them.  Just a detail.

I agree that as soon as someone is going to implement this, more
problems will appear.... I like my proposal, but I can see that it's
absolutely not easy to implement.

-- vbi

this email is protected by a digital signature:

NOTE: keyserver bugs! get my key here:

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)

Signature policy: