Robot CA -- thanks for the suggestions.
Kyle Hasselbacher
kyle@toehold.com
Sun Dec 8 07:49:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I won't make a habit of announcing changes here, since I don't think it's
the place for it, but all the changes I made tonight are a result of
suggestions made on this mailing list. I thought folks might be
interested. The web page reflects these changes already:
http://www.toehold.com/robotca/
- - The robot's responses are encrypted with the key it's signing.
- - The robot's signatures are "persona" signatures.
- - The robot's signatures include a policy URL.
- - The robot's signatures expire after three months.
- - It's under RCS, so you have revision numbers.
- - I signed the code, so you can verify it when you get it.
- - There's an option in the code (that I'm not using) to ignore a UID if it
contains more than just an email address (so the robot doesn't appear to
verify anything it isn't verifying).
I didn't really get to test that last one much. When I make a key with
GnuPG, it wants my real name to be at least five characters. I didn't
spend much time looking for a way to generate an email-only UID.
I'm thinking about revoking the current robot key (that doesn't expire) and
creating a new one that expires in a few years.
Thank you all for the suggestions. I've gotten a lot out of the discussion
here.
- --
Kyle Hasselbacher | We need free speech in this country
kyle@toehold.com | so we can identify the jerks out there. -- Ted Nugent
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE98uuj10sofiqUxIQRAmVmAKCXcGzK9HshVyi68aLQo7nsbZrX3ACdFhrn
t3OImW2Iq6+F55m6z4FPZVc=
=yIMv
-----END PGP SIGNATURE-----