| Jeff Abrahamson on Thu, 6 Mar 2003 14:12:05 -0500 |
|
On Thu, Mar 06, 2003 at 01:12:57PM -0500, gabriel rosenkoetter wrote: > Let me lay out a scenario for you: > > - a key is provided to the organizer > - the organizer adds that to the block of keys to be SHA1ed > - the organizer uploads that key to the webserver > - the organizer SHA1s the block of keys, and brings that hash with > him to the meeting to display > - everyone goes home, downloads the block of keys, SHA1s them, and > finds that the hash doesn't match. > > What do we do now? We certainly don't sign anyone's key... Yes, I agree that this is a good example that argues strongly in favor key slips. -- Jeff Jeff Abrahamson <http://www.purple.com/jeff/> GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B Attachment:
pgp4ART1YpYi5.pgp
|
|