1993-09-06 - Key signing, authentication

Header Data

From: “Christian D. Odhner” <cdodhner@indirect.com>
To: cypherpunks@toad.com
Message Hash: 54b447a26a9ab3fe9935dabfcec9a4fac1a27a6f2351b2481034293b6b96df09
Message ID: <199309061407.AA13849@indirect.com>
Reply To: N/A
UTC Datetime: 1993-09-06 14:16:19 UTC
Raw Date: Mon, 6 Sep 93 07:16:19 PDT

Raw message

From: "Christian D. Odhner" <cdodhner@indirect.com>
Date: Mon, 6 Sep 93 07:16:19 PDT
To: cypherpunks@toad.com
Subject: Key signing, authentication
Message-ID: <199309061407.AA13849@indirect.com>
MIME-Version: 1.0
Content-Type: text/plain

Recently there was some discussion about when to sign somebody's public
key and when not to. Does anybody have a short, to the point set of
guidelines on when it is ok to sign? I think minimum requirements to sign
would most likely be receiving that key from the owner both on and off
the net. That way somebody on the net who is doing man-in-the-middle type
attacks is thwarted, as is somebody who gives you the key off the net with
a false net-id. Anyway, I'm sure there's more to it than that, like are
phone calls ok? I mean, how did you get the # anyway? And what about
meeting the person in the flesh? How do you know they are the same person
you talk to on the net? Thinking too much about this could make a person
.really. paranoid!
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner@indirect.com	     | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
My opinions are shareware. To register your copy, send me 15$ in DigiCash.
  Key fingerprint =  58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11