-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 9 Jun 2006 06:59:24 -0700 Mark Sapiro <msapiro@value.net> wrote:
We all know that this is not secure against all attacks, but David feels that it will be good enough for his situation.
Which it probably is.
There have been others that have proposed registering pubkeys with email addresses and authenticating against message signatures. I think there may even be patches out on SF to support this with gpg. It seems to me that that's the right long term solution, although email PKI is (still) sadly poorly supported -- or understood by end users -- it seems.
- -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iQCVAwUBRImSknEjvBPtnXfVAQJrCgP/f9oVtJmF/SDA/c/3jFi5ZJhqt3fRyA5X oK1Zx7aetmBCPVi14hIwD4PBGAAs8tBfdFwerrxFu8iC7Fjj5huflYi2j04yqN2/ 0rsYccVcbok8ci5lHFTukBpdR7O61Sshx1nlaUW4WxsWc6Zk644Hah4CoWSw9WeG Hp40QSw9Eck= =EH7y -----END PGP SIGNATURE-----