From: “Christian D. Odhner” <cdodhner@indirect.com>
To: collins@newton.apple.com (Scott Collins)
Message Hash: 623ce497c44e519b4dda639edefa831eb8121f93241b0b5014ec28799561a9ad
Message ID: <199309072054.AA27320@indirect.com>
Reply To: <9309071843.AA27927@newton.apple.com>
UTC Datetime: 1993-09-07 21:01:44 UTC
Raw Date: Tue, 7 Sep 93 14:01:44 PDT
From: "Christian D. Odhner" <cdodhner@indirect.com>
Date: Tue, 7 Sep 93 14:01:44 PDT
To: collins@newton.apple.com (Scott Collins)
Subject: Re: Who generates AOCE keys?
In-Reply-To: <9309071843.AA27927@newton.apple.com>
Message-ID: <199309072054.AA27320@indirect.com>
MIME-Version: 1.0
Content-Type: text/plain
Scott Colins writes:
> In the software I used (as recently as last Thursday) the keys are
> _absolutely_, _positively_ generated locally. Subsequently the public key
> can be mailed automagically to RSADSI to be incorporated into a certificate
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> which is returned to you. The latest version of RIPEM Mac uses the same
> procedure for the same functionality.
Well, what keeps people from makeing keys with somebody else's name/user
id on them and sending them in to be certified? Where is the
authentication from the key certifier's point of view?
Just wondering.
Happy Hunting, -Chris.
______________________________________________________________________________
Christian Douglas Odhner | "The NSA can have my secret key when they pry
cdodhner@indirect.com | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
"If guns are outlawed, only the government will have guns." -E. Abbey
My opinions are shareware. For a registered copy, send me 15$ in DigiCash.
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------
Return to September 1993
Return to “collins@newton.apple.com (Scott Collins)”