1996-05-22 - Re: Senator Leahy, your public key please?

Header Data

From: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
To: stewarts@ix.netcom.com
Message Hash: 94e22db9fbcf9051b0f4acf6759f2c5746eba527dc1bb58f3df497d2cfbf8ece
Message ID: <01I4ZITDBFUO8Y5IL9@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-05-22 08:14:46 UTC
Raw Date: Wed, 22 May 1996 16:14:46 +0800

Raw message

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 16:14:46 +0800
To: stewarts@ix.netcom.com
Subject: Re: Senator Leahy, your public key please?
Message-ID: <01I4ZITDBFUO8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 20-MAY-1996 03:34:34.06

>While I agree that keyservers don't need to validate keys - that's a
>job for the web of trust, and the keyserver-admin could sign keys
>if he/she/it wanted to - it may make sense for the keyservers to only 
>accept keys in messages signed by the key itself.  (Just signing the key
>doesn't help much here; you need to sign the key-plus-signatures.)
>Does it make sense to include some similar capability in PGP itself?

	I would suggest that the keyserver should simply keep track (via
keeping the signatures) of which signatures were with the key holder's
permission (signed by the key holder) and which aren't. This won't be necessary
for mutually-signing keys, of course.
	-Allen
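
Added example, not part of the original message: a minimal Python model of the bookkeeping suggested above, in which a keyserver records, for each signature on a key, whether it arrived in a key-plus-signatures bundle signed by that key. The toy RSA keys, the `Keyserver` class, the sample names, and the reading of "mutually-signing" as implying permission are assumptions of this example, not PGP or any real keyserver's code.

```python
import hashlib
E = 65537  # public exponent shared by every toy key

def toy_key(p, q):  # textbook RSA from two Mersenne primes: stands in for a PGP key, not secure
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _h(data, n)

def key_bytes(key_id, n):
    return f"{key_id}:{n}".encode()

def bundle_bytes(key_id, n, certs):  # "key-plus-signatures": key, then every certification on it
    return key_bytes(key_id, n) + repr(sorted(certs)).encode()

class Keyserver:
    def __init__(self):
        self.keys = {}   # key id -> public modulus
        self.certs = {}  # (signer, subject) -> True if the subject's key approved it

    def submit(self, subject, certs, holder_sig=None):
        n = self.keys[subject]
        ok = holder_sig is not None and verify(n, bundle_bytes(subject, n, certs), holder_sig)
        for signer, sig in certs:  # keep only certifications that verify
            if signer in self.keys and verify(self.keys[signer], key_bytes(subject, n), sig):
                self.certs[(signer, subject)] = self.certs.get((signer, subject), False) or ok

    def status(self, signer, subject):
        if (signer, subject) not in self.certs:
            return "absent"
        mutual = (subject, signer) in self.certs  # assumption: mutual signing implies consent
        return "with permission" if self.certs[(signer, subject)] or mutual else "without permission"

def demo():
    ks, a, b, c = Keyserver(), toy_key(2**61-1, 2**89-1), toy_key(2**107-1, 2**127-1), toy_key(2**19-1, 2**31-1)
    ks.keys = {"alice": a["n"], "bob": b["n"], "carol": c["n"]}  # constructed sample keys
    bob_cert = [("bob", sign(b, key_bytes("alice", a["n"])))]
    carol_cert = [("carol", sign(c, key_bytes("alice", a["n"])))]
    ks.submit("alice", bob_cert)  # uploaded by a third party: no holder signature
    ks.submit("alice", carol_cert, sign(a, bundle_bytes("alice", a["n"], carol_cert)))
    before = ks.status("bob", "alice")
    ks.submit("bob", [("alice", sign(a, key_bytes("bob", b["n"])))])  # alice signs bob's key
    return before, ks.status("carol", "alice"), ks.status("bob", "alice")
```

The server keeps every valid signature, as the message proposes, and only labels it; a bundle signed by any key other than the subject's leaves its signatures marked "without permission".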




