From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 15 Nov 1995 05:46:08 +0800
To: Kevin L Prigge <klp@gold.tc.umn.edu>
Subject: Re: Good Enough?
In-Reply-To: <30a8f8836ed1002@noc.cis.umn.edu>
Message-ID: <199511142124.QAA23598@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

First, I must warn you that generating keys on behalf of users is in
general a very bad thing to do.  Instead, you might want to provide a
simple way for users to generate keys and get them certified.  The
biggest problem is that there is not an easy way to get a good set of
random numbers on a server platform.  On the other hand, users can get
a great deal of randomness on their own client machines.  If they can
run netscape, then they can run PGP.

Second, you might want to look at a paper that Jeff Schiller and I
wrote for the 1995 Usenix conference on scaling the web of trust.
The paper is available off my home page or via ftp:
	toxicwaste.mit.edu:/pub/pgpsign/scaleweb.{txt,PS}

The sources to the keysigner are also in the same directory.

Hope this helps.

-derek

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       warlord@MIT.EDU    PP-ASEL     N1NWH    PGP key available