ietf-openpgp
[Top] [All Lists]

Re: Principles and Principals

1997-09-24 06:48:53
-----BEGIN PGP SIGNED MESSAGE-----

You still need some way
to bind the e-mail address to the key.

I think this is where DNSSEC would be enormously useful, by allowing
trusted DNS-based lookups of public keys. We can leverage the work done
by domains in setting up trust networks to get trusted PGP public keys.

I should think that we at least have to have the ability for
3rd party certifications of the public key have the ability to
bind over the key ID and e-mail address

Of course - it's just that, an Internet-wide WoT could become enormously
unwieldy without some form of structure imposed. The DNS is already
there, so would be an ideal candidate.

If I am misrepresenting what you propose, please set me
straight.

I think I just proposed it in a confused way :-) My main point was that
e-mail is an important part, but not the totality, of what we want to do
with PGP. I think the keyserver system is something that is very
appropriate for e-mail, but in other circumstances such as providing
authorisations it would be better for the user to supply the key and
associated permissions when (s)he requests the capability <taking cover>
;-)

Ian.

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21

iQCVAgUANCkaO5pi0bQULdFRAQHPVAP/UbtCQIdlehDYDE68JBg5sdX8JYNjlrQTKDMER3RpLJ6z
EuDESNMgpTKE4zGug2pILWbYyJAZzEJJYDXZv63PNx+2618sVlqqiSHw7EZdD9s66S6b+cnBAz+O
vbzAv6bR2FuKmyuiVWR++NIxTPrLiNiVQGkYmOLCmifQG1smlrc=
=cDgy
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>