1992-10-25 - pgp key distribution

Header Data

From: pmetzger@shearson.com (Perry E. Metzger)
To: shawnb@ecst.csuchico.edu
Message Hash: 4137e49f0498a0f7b4545f98b63676470d62c8318ad13ae908b9ef1fe5f2f4e5
Message ID: <9210250427.AA08570@newsu.shearson.com>
Reply To: <9210250333.AA11925@toad.com>
UTC Datetime: 1992-10-25 05:03:00 UTC
Raw Date: Sat, 24 Oct 92 22:03:00 PDT

Raw message

From: pmetzger@shearson.com (Perry E. Metzger)
Date: Sat, 24 Oct 92 22:03:00 PDT
To: shawnb@ecst.csuchico.edu
Subject: pgp key distribution
In-Reply-To: <9210250333.AA11925@toad.com>
Message-ID: <9210250427.AA08570@newsu.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: shawnb <shawnb@ecst.csuchico.edu>

>I'm pretty new to this mailing list, so something along these lines may
>have already been proposed, but I was considering the possibility of
>putting together a list of pgp public keys for distribution through this
>list.  My own collection of keys is pretty small, and I would pernally 
>like to expand this, but I think this would provide a great service to the
>group as well.  Let me know what you all think.

I keep seeing people propose things like this, and I can't for the
life of me understand why. The only way to know for sure that
someone's key is theirs is a signature from a trusted introducer
anyway, so people can just ask each other in clear for public keys and
it doesn't do a lick of harm -- if they have a trusted signature, you
can use their key for communication and if they don't, you have to
find another way to verify the key.  People making lists of keys and
distributing them seems fairly useless to me. Can anyone tell me if I
am being really really thick here?

Perry





Thread