From: tytso@ATHENA.MIT.EDU (Theodore Ts’o)
To: pfarrell@cs.gmu.edu
Message Hash: 6b7079c77d412bd72da1bbcb4aad251791729cf033112fe46764e5d50830918f
Message ID: <9211301836.AA20482@tsx-11.MIT.EDU>
Reply To: <9211301332.AA10244@cs.gmu.edu>
UTC Datetime: 1992-11-30 18:37:21 UTC
Raw Date: Mon, 30 Nov 92 10:37:21 PST
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Date: Mon, 30 Nov 92 10:37:21 PST
To: pfarrell@cs.gmu.edu
Subject: Re: Secure Key exchange
In-Reply-To: <9211301332.AA10244@cs.gmu.edu>
Message-ID: <9211301836.AA20482@tsx-11.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Date: Mon, 30 Nov 92 08:32:45 EST
From: pfarrell@cs.gmu.edu (Pat Farrell)
I sign keys only when I am certian that the key belongs to the human who
claims to have the name on the key. There are not a lot of keys signed
by me floating arround, maybe six total.....
Ah, but how do we know that it's really you making this statement, and
not some evil NSA spoofer? What people need to do is to make their
key-signinging policies available _signed_ with their private key; that
way at least we would know that the entity signing the keys and the
entity claiming that this is its policy are the same. This helps, but
we would then still need to trust that the entity is telling the truth
insofar as its key-signing policy is concerned.
- Ted
Return to November 1992
Return to “tytso@ATHENA.MIT.EDU (Theodore Ts’o)”