From: “Perry E. Metzger” <perry@piermont.com>
To: cypherpunks@toad.com
Message Hash: eea5609817b264fe9b3dabb1868aa7c63ef1a28a7bf4982f7c3fd0376d2d5fb4
Message ID: <199608071637.MAA08532@jekyll.piermont.com>
Reply To: <199608060552.WAA04209@abraham.cs.berkeley.edu>
UTC Datetime: 1996-08-07 23:44:08 UTC
Raw Date: Thu, 8 Aug 1996 07:44:08 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 8 Aug 1996 07:44:08 +0800
To: cypherpunks@toad.com
Subject: Re: PGP public key servers are NOT useful!
In-Reply-To: <199608060552.WAA04209@abraham.cs.berkeley.edu>
Message-ID: <199608071637.MAA08532@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
John Anonymous MacDonald writes:
> The problem with the PGP public key servers is that
> one has absolutely no control over what gets uploaded there in one's
> own name.
Thats why people are supposed to use the web of trust to check the
keys. You claim to make your key available by finger. How do you know
that Mallet isn't switching the bits as they go down the wire to your
correspondants? The only way to verify a key is to check known good
signatures on it. Because of this, no security is needed on key
storage facilities per se -- you aren't supposed to trust keys without
signatures.
Geesh. I thought this was obvious. I guess not.
Perry
Return to August 1996
Return to ““Perry E. Metzger” <perry@piermont.com>”