Signed headers (was Re: Evolution signatures)
Wed Aug 6 23:41:01 2003
Content-Type: text/plain; charset=us-ascii
On Wed, Aug 06, 2003 at 04:09:54PM -0400, darren chamberlain wrote:
> This seems to imply that the host's keys would exist in the WoT -- but
> how (why?) would you sign a host's key, as opposed to a persons key?
> It's trivial for a sysadmin to replace one host's key with another.
I'm only using the key servers for distribution of the host-id key, not
implying that the host-ID key is available for public signing (and thus
not interesting in a WoT).
What we need is to create a link between the person and the host, maybe
include the host-ID in the persons public key?
pub 1024D/114AA85C 2003-04-14 Thomas Sjogren <email>
hid <host fingerprint> <date>=20
=3D=3D firstname.lastname@example.org | email@example.com
=3D=3D 3367 0D84 444B D5B6 980E 7D5D 1209 639D 114A A85C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----