On Mon, Aug 28, 2000 at 07:12:52PM -0400, David Marshall wrote:
> [EMAIL PROTECTED] (Ryan Lackey) writes:
>
> > Given the low percentage of "normal user" PGP keys which are anything
> > but self-signed, would people actually use/give-appropriate-trust to
> > a service which signed PGP keys belonging to people based solely on
> > email challenge authentication (like majordomo uses)?
It's not wonderful, but it's a start
> It would be nice to have an option which would verify each address on
> the key. Email-challenge authentication would be used for each address
> which is listed in the key. Unfortunately, PGP doesn't do a very good
> job of making this possible: There's no way to invalidate a signature
> when someone adds or modifies a user ID on the key, at least not that
> I know of.
Correct me if I'm wrong, but don't you sign a userid? The server would
chalenge/auth for an address x and sign the userid with that email address.
>
> Another similar service would be one which takes a message, even a
> cyphertext, adds a time stamp to it, and then signs it. If such a
> service had sufficient reputation capital, it would be useful for all
> sorts of things.
Simple to setup if someone with a 24x7 server has access.
AGL
--
Never underestimate the power of a small tactical nuclear weapon.
PGP signature
