Signed headers (was Re: Evolution signatures)

Thomas Sjögren
Wed Aug 6 23:41:01 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 06, 2003 at 04:09:54PM -0400, darren chamberlain wrote:
> This seems to imply that the host's keys would exist in the WoT -- but
> how (why?) would you sign a host's key, as opposed to a persons key?
> It's trivial for a sysadmin to replace one host's key with another.

I'm only using the key servers for distribution of the host-id key, not
implying that the host-ID key is available for public signing (and thus
not interesting in a WoT).
What we need is to create a link between the person and the host, maybe
include the host-ID in the persons public key?
For example:

pub  1024D/114AA85C 2003-04-14 Thomas Sjogren <email>
hid <host fingerprint> <date>=20

=3D=3D |
=3D=3D 3367 0D84 444B D5B6 980E 7D5D 1209 639D 114A A85C

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.2 (GNU/Linux)