[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ga] PGP keys - an attempt
At 16:00 28.11.99 -0500, Dnsipv6@aol.com wrote:
>Harold and everybody else,
>
> It was suggested some time ago after I did yet another review of the
>ICANN Membership list, that as suggestion very similar was made
>for ICANN to consider doing this themselves. Nothing ever came of that.
>I wonder why, as do many of our [INEGroup] members.
That's why I experiment - if nobody has keys to send, one reason why ICANN
shouldn't bother doing this is verified.
(So far, this seems to hold)
And if nobody has signatures on their keys that can be used to build a
trust network, another reason why ICANN shouldn't bother is verified.
And if neither reason holds water, we can raise the issue again, now with a
specific keyring to use as argument for our case.
> If I recall
>the several exchanges I read through on the ICANN Membership
>list correctly, Kent Crispin, now (DNSO Voting Watchdog) had
>serious sounding objections to this. I, along with many of our [INEGroup]
>members also wonder why this is so, and how interesting it is that Kent
>Crispin is now a (DNSO Voting Watchdog). As is recommended
>by the IETF, sending keys to non-CA is discouraged.
excuse me.....all the IETF standards for public key cryptography recommend
sending the public key of the keypair far and wide and publicly; the whole
idea is that this key does NOT need to be kept secret.
The IETF standards largely recommend NEVER sending your signature secret
key ANYWHERE, not even to the CA.
Just to get the message straight.....
Harald
Harald
--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no