ietf-openpgp

RE: Principles and Principals

1997-09-24 08:30:11


-----Original Message-----
From:   Bonatti Chris [SMTP:bonattic(_at_)ieca(_dot_)com]
Sent:   Tuesday, September 23, 1997 4:51 PM
To:     Ian Brown
Cc:     ietf-open-pgp(_at_)imc(_dot_)org
Subject:        Re: Principles and Principals

-----BEGIN PGP SIGNED MESSAGE-----

[>>]  snip........ 
Unless I misunderstand you, the e-mail address is not then bound
into the certificate structure.  I'm reading out of
your last couple of messages that we would submit the e-mail
address as a submission argument to the keyserver, but that
this would be absent from the certificate.  This is pretty weak
in the sense that it is dirt simple for a black-hat to assert a
bogus e-mail address (or worse, usurp a real one) and provide his
own black-hat key ID.  This leaves open a lot of possibilities
for misuse.

I agree with the above. The email address must be tightly bound in the cert so 
that spoofing is not possible.

regards, rik[>>]  

[>>]  snip....

