1993-09-06 - Re: Key signing, authentication

Header Data

From: J. Michael Diehl <mdiehl@triton.unm.edu>
To: cdodhner@indirect.com (Christian D. Odhner)
Message Hash: cba6ba36151e0c1fd6c2dfa47bd72bd43cab4ce2c0ed87a436fff7b44a62fa12
Message ID: <9309062046.AA04749@triton.unm.edu>
Reply To: <199309061407.AA13849@indirect.com>
UTC Datetime: 1993-09-06 20:51:26 UTC
Raw Date: Mon, 6 Sep 93 13:51:26 PDT

Raw message

From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Mon, 6 Sep 93 13:51:26 PDT
To: cdodhner@indirect.com (Christian D. Odhner)
Subject: Re: Key signing, authentication
In-Reply-To: <199309061407.AA13849@indirect.com>
Message-ID: <9309062046.AA04749@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain

According to Christian D. Odhner:
> Recently there was some discussion about when to sign somebody's public
> key and when not to. Does anybody have a short, to the point set of
> guidelines on when it is ok to sign? I think minimum requirements to sign
> would most likely be receiveing that key from the owner both on and off
> the net. That way somebody on the net who is doing man-in-the-middle type
> attacks is thwarted, as is somebody who gives you the key off the net with
> a false net-id. Anyway, I'm sure there's more to it than that, like are
> phone calls ok? I mean, how did you get the # anyway? And what about
> meeting the person in the flesh? How do you know they are the same person
> you talk to on the net? Thinking too much about this could make a person
> .realy. paranoid!

Well, I think I started that thread with a query.  I got lots of discussion and 
summarized the (most conservative) concensus in my .plan file.  You can read my
policy by typing finger mdiehl@triton.unm.edu.  Hope this helps.

>"The NSA can have my secret key when they pry
>it from my cold, dead, hands... But they shall
>NEVER have the password it's encrypted with!"

I love it! ;^)

J. Michael Diehl   ;^)  |*The 2nd Amendment is there in case the 
mdiehl@triton.unm.edu   | Government forgets about the 1st!  <RL>
Mike.Diehl@f29.n301.z1  |*God is a good Physicist, and an even 
    .fidonet.org        | better Mathematician.  <Me>
al945@cwns9.ins.cwru.edu|*I'm just looking for the opportunity to 
 (505) 299-2282 (voice) | be Politicly Incorrect! <Me>
Can we impeach him yet? |*Protected by 18 USC 2511 and 18 USC 2703. 
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1  12 E7 53 2D 85 A2 10 5D