On Thu, Nov 14, 2002 at 08:08:14PM -0500, [EMAIL PROTECTED] wrote: > The same way you keep your PGP key secure. Don't Share.
Trust me, a half-motivated government or powerful organization could get your PGP key very easily. Break into your house, install a bug in your keyboard, or a modified version of GnuPG, and the next time you enter your PGP password, they have it. The only thing that stops them is that there probably isn't a good reason, but if Freenet really started to take off - there would have more than enough motivation to do this to one of the Freenet developers. > I'd suggest Web-of-Trust. Either internal to freenet or using PGP > keyservers. Sign a .JAR with a short-expiration key (on the order of > weeks or months) Sign that key with Ian's key. (Cross signed with > Oskar, Matthew, etc) Now we have a distribution key, known to one > person (The "distribution officer") with a short duration. And what happens when (not if - WHEN) our well-motivated opponents get my private key? Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/
msg05430/pgp00000.pgp
Description: PGP signature
