PGP signatures.

Les hlhowell at pacbell.net
Sun Jun 1 17:58:23 UTC 2008


On Sun, 2008-06-01 at 10:35 -0430, Patrick O'Callaghan wrote:
> On Sun, 2008-06-01 at 17:12 +0930, Tim wrote:
> > > Simply put, one could create a keylist, publish it someplace secure
> > > with limited access and limited time availability, communicate to the
> > > designated individual where and when, and the designated individual
> > > could use something like VPN to pick up the encrypted key list.  The
> > > key to break that key list could be given over the phone.  The result
> > > would certainly minimize exposure of the keys.
> > 
> > I'm not sure that exposure of keys is a problem (so long as keys are
> > strong).  I'd be unconcerned about exposure of uncrackable keys if keys
> > and key IDs were used, with no way to harvest email addresses from them.
> > i.e. If keys didn't contain addresses, just unique IDs.
> 
> The whole crux of the problem isn't exposing the (public) keys, it's
> reliably associating a public key with an identity.
> 
From the last two posts, I gather that the encryption comment was
specifically directed toward the PGP signatures... DUUHHH! I should have
read the subject.  I was responding in regards to encryption for
security purposes.  Please disregard my previous post.

Regards,
Les H



