[linux-elitists] SWOT (formerly "Phil Zimmermann on key exchange")

Don Marti dmarti@zgp.org
Fri Dec 14 09:40:24 PST 2001


begin Paul Holman quotation of Fri, Dec 14, 2001 at 12:38:50AM -0800:

> First, can somebody please send me a reference for this alleged "Robot 
> CA" article so I can read it.

http://linuxjournal.com/article.php?sid=5605 includes Phil's comments
on the robot CA idea from the keysigning BoF at ALS.

> I also look forward to redeployment of Stuart Stubblebine's PGP 
> Pathfinder or equivalent.  A graphical representation of the degrees of 
> separation in PGP goes a long way toward increasing usability of this 
> lossy web of trust.

http://dtype.org/keyanalyze/ has the data -- the question is how
to actually draw it.

> I support the standardization of a X-My-PGP-Key type mail header, though 
> clients should be able to go find keys based on signatures anyway.

Signing the mail gets you more than just a header would at not much
more cost in bandwidth.  People are reluctant to sign mail, though,
because of bad client support, and bad rendering of signatures in
list archives.

For example, my archiver script can sometimes
read Karsten Self's mail and sometimes not.
http://zgp.org/linux-elitists/20010412181703.G15282@navel.introspect.html

> My goal is to produce a best practices RFP that defines an attribute in 
> OpenPGP for this purpose, and then seek support from the various 
> implementers of OpenPGP.  I think the EFF is well situated to garner 
> support from these developers by supporting SWOT as a means of improving 
> PGP usability.

There might be an alternative:

1. Sign every piece of mail you can until the mail client vendors and
list archives start displaying the signatures in a sensible way.

2. (This is from the keysigning BoF) "Local-sign" every key that keeps
getting posted publicly without gettting challenged.

-- 
Don Marti          What do we want?  Free Dmitry!  When do we want it?  Now!
http://zgp.org/~dmarti
dmarti@zgp.org                                  Free the web, burn all GIFs.
KG6INA                                               http://burnallgifs.org/



More information about the linux-elitists mailing list