Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Stephen Adler wrote: > To do this right, I believe, I want to get a key pair which is > registered with a 3rd party registry like verisign or > networksolutions.com or something like that. Is this not so? Say I > sign a document with a self generated key pair, how does a third party > know that the signature came from me and not someone posing as me who > generated their own pair of keys? As Dan pointed out, you build a web of trust, using the standard methods: - distribute your key (or at least the fingerprint for later verification of your key) when you meet people in person (sneakernet) - POTS (ie have them read off the fingerprint of your public key over the phone to you) - Post it on your business web site (generally thought to be less secure than the first two, although if people get your phone number from your website...) - if it's really important, hire a courier. > If I do need to go through the 3rd party registry route, who should I > use? You could probably do a hell of a lot better than the standard practice today (ie no verification beyond the "From" header in an email) without going overboard with air-tight verification. It's really a matter of how far you want to move the slider from "easy to use, but no verification" to "it would almost be easier to fly there and deliver the document in person". For business, you probably don't want to go too far toward the latter, lest it get in the way of things you're getting paid to do (unless verification is something the client is really interested in or knowledgeable about). Matt -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Discuss mailing list [hidden email] http://lists.blu.org/mailman/listinfo/discuss
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |