PGP signatures.
Patrick O'Callaghan
pocallaghan at gmail.com
Sun Jun 1 15:05:49 UTC 2008
On Sun, 2008-06-01 at 17:12 +0930, Tim wrote:
> > Simply put, one could create a keylist, publish it someplace secure
> > with limited access and limited time availability, communicate to
> the
> > designated individual where and when, and the designated individual
> > could use something like VPN to pick up the encrypted key list. The
> > key to break that key list could be given over the phone. The
> result
> > would certainly minimize exposure of the keys.
>
> I'm not sure that exposure of keys is a problem (so long as keys are
> strong). I'd be unconcerned about exposure of uncrackable keys if
> keys
> and key IDs were used, with no way to harvest email addresses from
> them.
> i.e. If keys didn't contain addresses, just unique IDs.
The whole crux of the problem isn't exposing the (public) keys, it's
reliably associating a public key with an identity.
poc
More information about the fedora-list
mailing list