key-signing for pseudonyms
atom-gpg at suspicious.org
Sat May 15 18:25:11 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
here's a thought....
let's say i meet someone and their key-name is a pseudonym. we want to
sign each others' keys, but i have no idea who this person is.
we can generate a random string (while face-to-face) and each write that
down on paper (taking precautions that this shared secret remains secret).
later, i generate (by myself) a second random string and email it to them,
encrypted and signed. when they mail me back both strings, encrypted and
signed, i sign their key and send it back encrypted (and delete my local
copy of their key signature). when the signature appears publicly, can
there be much doubt that i'm dealing with the same person i met?
if both of us are using pseudonyms, we agree on two random strings when we
meet... one string is their secret that they confirm with me, the other is
my secret that i confirm with them.
how secure (trusted?) is such a protocol?
what level of trust (signature) would this earn?
in such a situation, what disclaimers might someone use in a policy-url?
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"The hottest places in hell are reserved for those who in
times of great moral crises maintain their neutrality."
-- Dante Aleghieri (1265-1321)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
More information about the Gnupg-users