Jeff Abrahamson on Thu, 6 Mar 2003 14:12:05 -0500



Re: [PLUG] PGP keysigning aftermath


On Thu, Mar 06, 2003 at 01:12:57PM -0500, gabriel rosenkoetter wrote:
> Let me lay out a scenario for you:
> 
> - a key is provided to the organizer
> - the organizer adds that to the block of keys to be SHA1ed
> - the organizer uploads that key to the webserver
> - the organizer SHA1s the block of keys, and brings that hash with
>   him to the meeting to display
> - everyone goes home, downloads the block of keys, SHA1s them, and
>   finds that the hash doesn't match.
> 
> What do we do now? We certainly don't sign anyone's key...

Yes, I agree that this is a good example that argues strongly in favor
of key slips.

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B
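
The scenario quoted above, as an added example that is not part of the original message: one SHA-1 over the whole block gives a single pass/fail for every key, while a per-key value carried by each owner shows which keys can still be checked. Assumptions: the sample keys are constructed placeholder text, the CRLF change is a constructed cause for the mismatch, and a SHA-1 of each key's text stands in for the OpenPGP fingerprint a real key slip would carry.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def sample_key(owner: str) -> bytes:
    # Constructed placeholder text, not real OpenPGP key material.
    return f"-----BEGIN SAMPLE KEY-----\n{owner}-key-material\n-----END SAMPLE KEY-----\n".encode()

SUBMITTED = {name: sample_key(name) for name in ("alice", "bob", "carol")}

def build_block(keys: dict) -> bytes:
    # The organizer's "block of keys": every key concatenated in a fixed order.
    return b"".join(keys[name] for name in sorted(keys))

def check_block(announced: str, downloaded: dict) -> bool:
    # Whole-block check: a single yes/no answer covering every key at once.
    return sha1_hex(build_block(downloaded)) == announced

def make_slips(keys: dict) -> dict:
    # One digest per key, standing in for the fingerprint on each owner's slip.
    return {name: sha1_hex(key) for name, key in keys.items()}

def check_slips(slips: dict, downloaded: dict):
    # Per-key check: sort owners into verified and unverified.
    ok, bad = [], []
    for name in sorted(slips):
        key = downloaded.get(name)
        matches = key is not None and sha1_hex(key) == slips[name]
        (ok if matches else bad).append(name)
    return ok, bad

def simulate():
    announced = sha1_hex(build_block(SUBMITTED))   # shown at the meeting
    slips = make_slips(SUBMITTED)                  # handed out at the meeting
    downloaded = dict(SUBMITTED)
    # Constructed fault: bob's entry on the web server has CRLF line endings.
    downloaded["bob"] = SUBMITTED["bob"].replace(b"\n", b"\r\n")
    return check_block(announced, downloaded), check_slips(slips, downloaded)

if __name__ == "__main__":
    block_ok, (ok, bad) = simulate()
    print("block hash matches:", block_ok)
    print("verified by slip:", ok)
    print("not verified:", bad)
```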
