Darxus on Sun, 17 Dec 2000 15:09:01 -0500
A subject that came up in discussion about keysignings once was the fact that the way we've been doing keysignings only verifies a person's name, and not their email address.

There are lots of ways of doing keysignings, and I've read every procedure I've found. I came across one that had an idea I liked, to verify email addresses -- mailing secrets. This would be especially useful for people who you don't know personally who don't have a name field matching photo ID.

If you would like to verify a person's email address before signing their key, then get a list of the addresses of people who will be participating at the next keysigning from the bottom of http://www.phillylinux.org/keys and email each of them a different random secret. I suggest using the program "pwgen".

    $ pwgen 8
    quomoox
    $ pwgen 8
    fedasoo
    $ pwgen 8
    vishidu

So, say, for the next meeting, you want to verify the email addresses of the 3 new participants for January:

    pub 1024D/70210CAA 2000-11-30 N-Tropy (Flint Heart) <n-tropy@n-tropy.com>
    pub 1024D/0C3F6A8E 2000-12-11 David A Nurse <Danurse01@hotmail.com>
    pub 2048R/395F5F1B 2000-08-21 Paul Raj Khangure <prk@digitaljunkie.net>

You would pick (or generate) 3 different secrets (passwords), and mail one to each. So send email to n-tropy@n-tropy.com before the meeting & ask him to write down & bring the password "quomoox" with him to the next meeting. Email "fedasoo" to Danurse01@hotmail.com, etc.

At the meeting, when verifying their fingerprint / photo ID, ask them for the secret/password you emailed them.

FYI, I'm really hoping prk@digitaljunkie.net shows up - he's visiting from Australia.

--
http://www.ChaosReigns.com
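An added example, not part of the original message: a Python sketch of the mailed-secret procedure that assigns each address its own secret, drafts the message, and checks the answer given at the meeting against the secret mailed to that specific address. The function names, the syllable alphabet and the example.org addresses are assumptions, and the generator stands in for pwgen rather than reproducing it.

```python
import hmac
import secrets
from email.message import EmailMessage

# Alphabet is an assumption of this sketch: consonant+vowel pairs are easy to
# write down and read back aloud at the meeting.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aeiou"


def make_secret(syllables=4):
    """Build one secret from CSPRNG-chosen syllables (not the pwgen algorithm)."""
    return "".join(
        secrets.choice(CONSONANTS) + secrets.choice(VOWELS) for _ in range(syllables)
    )


def assign_secrets(addresses):
    """Give every address its own secret; no two addresses share one."""
    assigned = {}
    for addr in addresses:
        key = addr.strip().lower()
        secret = make_secret()
        while secret in assigned.values():  # redraw on the rare collision
            secret = make_secret()
        assigned.setdefault(key, secret)  # a repeated address keeps its first secret
    return assigned


def draft_mail(sender, address, secret):
    """Compose (not send) the message asking the key owner to bring the secret."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, address
    msg["Subject"] = "Keysigning: secret to bring to the meeting"
    msg.set_content(f'Please write down and bring this secret: "{secret}"\n')
    return msg


def check_at_meeting(assigned, address, spoken):
    """True only if `spoken` is the secret that was mailed to this address."""
    expected = assigned.get(address.strip().lower())
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), spoken.strip().lower().encode())


# Constructed sample addresses, not the participants named in the message.
PARTICIPANTS = ["alice@example.org", "bob@example.org", "carol@example.org"]
```

Because every address gets a different secret, a secret that arrived at one mailbox does not pass the check for any other address on the list.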