> First, can somebody please send me a reference for this alleged "Robot 
> CA" article so I can read it.

http://linuxjournal.com/article.php?sid=5605 includes Phil's comments
on the robot CA idea from the keysigning BoF at ALS.

> I also look forward to redeployment of Stuart Stubblebine's PGP 
> Pathfinder or equivalent.  A graphical representation of the degrees of 
> separation in PGP goes a long way toward increasing usability of this 
> lossy web of trust.

http://dtype.org/keyanalyze/ has the data -- the question is how
to actually draw it.

> I support the standardization of a X-My-PGP-Key type mail header, though 
> clients should be able to go find keys based on signatures anyway.

Signing the mail gets you more than just a header would at not much
more cost in bandwidth.  People are reluctant to sign mail, though,
because of bad client support, and bad rendering of signatures in
list archives.

For example, my archiver script can sometimes
read Karsten Self's mail and sometimes not.

> My goal is to produce a best practices RFP that defines an attribute in 
> OpenPGP for this purpose, and then seek support from the various 
> implementers of OpenPGP.  I think the EFF is well situated to garner 
> support from these developers by supporting SWOT as a means of improving 
> PGP usability.

There might be an alternative:

1. Sign every piece of mail you can until the mail client vendors and
list archives start displaying the signatures in a sensible way.

2. (This is from the keysigning BoF) "Local-sign" every key that keeps
getting posted publicly without getting challenged.
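The archiver trouble mentioned above usually comes down to two incompatible ways a message can carry a PGP signature: PGP/MIME (RFC 3156, a multipart/signed container) and inline cleartext signing (RFC 4880 section 7, with dash-escaped body lines). The following is an added example, not a script from this thread or from any mailing-list software; it recognises both forms with Python's standard email module so an archive can show the signed text and keep the signature block. The sample messages are constructed and their signature data is a placeholder, so this extracts but does not verify.

```python
import email
import re
from email import policy

# Constructed samples (not from the thread). Signature data is a placeholder.
PGP_MIME_MSG = b"""\
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

Hello list, this body is signed.
--b1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
--b1--
"""
INLINE_MSG = b"""\
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list, this body is signed.
- -- dash-escaped line
-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
"""
INLINE_RE = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n(.*?)\n"
    r"(-----BEGIN PGP SIGNATURE-----.*?-----END PGP SIGNATURE-----)", re.S)

def extract_signed(raw):
    """Return (kind, signed_text, armored_signature), or None if unsigned."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() == "multipart/signed"
            and msg.get_param("protocol") == "application/pgp-signature"):
        body, sig = msg.get_payload()  # RFC 3156: exactly two parts
        return ("pgp-mime", body.get_content(),
                sig.get_payload(decode=True).decode())
    if msg.get_content_type() == "text/plain":
        m = INLINE_RE.search(msg.get_content())
        if m:  # undo RFC 4880 dash-escaping before displaying the cleartext
            text = "\n".join(l[2:] if l.startswith("- ") else l
                             for l in m.group(1).split("\n"))
            return "inline", text, m.group(2)
    return None
```

An archiver that only handles one of the two forms will render the other as raw armor or drop the signature, which is exactly the sometimes-works behaviour described above.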

