On Thu, Nov 14, 2002 at 08:08:14PM -0500, harik at chaos.ao.net wrote: > The same way you keep your PGP key secure. Don't Share.
Trust me, a half-motivated government or powerful organization could get your PGP key very easily. Break into your house, install a bug in your keyboard, or a modified version of GnuPG, and the next time you enter your PGP password, they have it. The only thing that stops them is that there probably isn't a good reason, but if Freenet really started to take off - there would have more than enough motivation to do this to one of the Freenet developers. > I'd suggest Web-of-Trust. Either internal to freenet or using PGP > keyservers. Sign a .JAR with a short-expiration key (on the order of > weeks or months) Sign that key with Ian's key. (Cross signed with > Oskar, Matthew, etc) Now we have a distribution key, known to one > person (The "distribution officer") with a short duration. And what happens when (not if - WHEN) our well-motivated opponents get my private key? Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021114/01aaf4bc/attachment.pgp>
