Novel new use of PGP keysigning sessions
Nicholas Bohm
nbohm at ernest.net
Mon, 14 May 2001 16:45:36 +0100
At 15:20 14/05/2001 +0100, Owen Lewis wrote:
[snip]
>That's a view but does not necessarily hold up. Good security is generally
>based on strong common bonds, a breach of which is actionable. There is a
>wide variation in the approaches that can serve this essential end. The flaw
>in the thinking of many who use PGP is that it is appropriate to use a strong
>cryptosystem either without such bonds or before they are developed.
The same flaw is present in the PKI models (at least in those where the
initials mean "public infrastructure"): how many users of browsers have
the least idea whose certificates their browser will accept as trustworthy?
Regards
Nicholas
Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF