1995-11-14 - Re: Good Enough?

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: Kevin L Prigge <klp@gold.tc.umn.edu>
Message Hash: ad7df97f870d7f7a4802a57566f590b99f9d661300639d495cfd8e8e04623f08
Message ID: <199511142124.QAA23598@toxicwaste.media.mit.edu>
Reply To: <30a8f8836ed1002@noc.cis.umn.edu>
UTC Datetime: 1995-11-14 21:46:08 UTC
Raw Date: Wed, 15 Nov 1995 05:46:08 +0800

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 15 Nov 1995 05:46:08 +0800
To: Kevin L Prigge <klp@gold.tc.umn.edu>
Subject: Re: Good Enough?
In-Reply-To: <30a8f8836ed1002@noc.cis.umn.edu>
Message-ID: <199511142124.QAA23598@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


First, I must warn you that generating keys on behalf of users is in
general a very bad thing to do.  Instead, you might want to provide a
simple way for users to generate keys and get them certified.  The
biggest problem is that there is not an easy way to get a good set of
random numbers on a server platform.  On the other hand, users can get
a great deal of randomness on their own client machines.  If they can
run netscape, then they can run PGP.

Second, you might want to look at a paper that Jeff Schiller and I
wrote for the 1995 Usenix conference on scaling the web of trust.
The paper is available off my home page or via ftp:

The sources to the keysigner are also in the same directory.

Hope this helps.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       warlord@MIT.EDU    PP-ASEL     N1NWH    PGP key available