From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Sun, 4 Oct 92 19:15:03 PDT
To: cypherpunks@toad.com
Subject: introducing public keys
In-Reply-To: <2554.2ACD2FF0@fidogate.FIDONET.ORG>
Message-ID: <9210050222.AA21567@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



>I am considering becoming and "introducer" for parts of FidoNet. I
>can't seem to get past the problems of how to assign reliability to
>public keys I receive over an unsecured email channel to begin with.
>No other method is practical.

Building a key distribution system takes time.  Start off by having
people mail you diskettes.  Or if you don't mind typing, printouts.
Carry copies of your public key to give to people in person.

Get good security is not free, especially in terms of time.

If you can personally receive via out-of-band channels the public key
of another introducer, you can exchange all the certified keys you
each possess.  And then exchange those with another introducer you know.

Introducers are not a special breed.  Most people should certify
others public keys, if only for redundancy.

Remember, no one has ever set up a non-hierarchical public key
distribution system to the general public.  This is research.

Eric