[linux-elitists] RFC 2015 (MIME and PGP) -- RFC status?

Aaron Lehmann aaronl@vitelus.com
Mon Mar 12 16:43:48 PST 2001


On Mon, Mar 12, 2001 at 04:37:27PM -0800, Rick Moen wrote:
> Having Bruce Scneier's discussion in _Secrets and Lies_ of the pervasive
> problems inherent in key-management and certificates, I am curious about
> your views on how exchanging keys _securely_ might work.

Personally I view Debian's methods as adequate, while often painful. To
obtain a signature on your key, you must appear to another developer
in person with real-world photographic identification (i.e. a driver's
license or passport). While this has the obvious problems that are
associated with paper ID, you can be resonably trusting of government ID
(since forgery of these official papers is a serious crime).

Most cipherpunks abide by similarly strict guidelines of trust. That's
why you'll often see keysigning parties at tradeshows.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010312/d3c7ac59/attachment.pgp 


More information about the linux-elitists mailing list