1992-11-30 - Re: Secure Key exchange

Header Data

From: pfarrell@cs.gmu.edu (Pat Farrell)
To: cypherpunks@toad.com
Message Hash: 6b3471fe0ebe7941c96a137de267fe23be787af8b7d38a06d13d9b7072a45262
Message ID: <9211301332.AA10244@cs.gmu.edu>
Reply To: N/A
UTC Datetime: 1992-11-30 13:33:16 UTC
Raw Date: Mon, 30 Nov 92 05:33:16 PST

Raw message

From: pfarrell@cs.gmu.edu (Pat Farrell)
Date: Mon, 30 Nov 92 05:33:16 PST
To: cypherpunks@toad.com
Subject: Re: Secure Key exchange
Message-ID: <9211301332.AA10244@cs.gmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Bob Stratton suggests we hash out ideas on key signing prorocols. Ok, here
is what I do:

I sign keys only when I am certian that the key belongs to the human who
claims to have the name on the key. There are not a lot of keys signed
by me floating arround, maybe six total. My sig does not mean that the
key is not owned by a cop or NSA/CIA/KGB agent (Unlike Edgar's service) 
because I can't tell. So if you care about that stuff, start your
own web of trust with "higher" standards. My sign doesn't mean
that the person is really who they claim to be, I can't tell
that either. I've signed the key of a guy claiming to be "Ray
Kaplan" because I believe that he uses that name reegularly.
But I don't know that his name isn't really Boris Badinov.

You won't find my sig on Phil Zimmermann's key,
even tho that is a popular activity. Phil is a Net/Ether
person to me. My sig means that there is a real person with 
that name. I was at NCSC and exchanged keys there. I'll be
at CFP-3 and exchange keys there too. And if you are in my
area, (suburban Wash DC) we can meet and exchange keys.

I see no reason to hurry. A slowly growing web of trust that
is strong is far more useful than an exploding web of trash.

Pat

Pat Farrell,      Grad Student                       pfarrell@cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer
Write PKP. Offer money for a personal use license for RSA.






Thread