[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PGP signatures.

From: "Patrick O'Callaghan" <pocallaghan gmail com>
To: fedora-list redhat com
Subject: Re: PGP signatures.
Date: Sun, 01 Jun 2008 10:35:49 -0430

On Sun, 2008-06-01 at 17:12 +0930, Tim wrote:
> > Simply put, one could create a keylist, publish it someplace secure
> > with limited access and limited time availability, communicate to
> the
> > designated individual where and when, and the designated individual
> > could use something like VPN to pick up the encrypted key list.  The
> > key to break that key list could be given over the phone.  The
> result
> > would certainly minimize exposure of the keys.  
> 
> I'm not sure that exposure of keys is a problem (so long as keys are
> strong).  I'd be unconcerned about exposure of uncrackable keys if
> keys
> and key IDs were used, with no way to harvest email addresses from
> them.
> i.e. If keys didn't contain addresses, just unique IDs.

The whole crux of the problem isn't exposing the (public) keys, it's
reliably associating a public key with an identity.

poc

Follow-Ups:
- Re: PGP signatures.
  - From: Les

References:
- Re: PGP signatures.
  - From: Tim

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]