On Sat, Aug 02, 2003 at 04:13:49AM +0300, Shaul Karl wrote: > 1. Not a full solution but still. Have the place of the key signing > party have a net access and an ssh client so that people that can > access their private key with ssh would be able to remote sign it. > Somewhat alleviate the utterly trustable machine problem, unless > there is no facility to gpg remotely or some other issue that I > missed.
Now there's a solution that's worse than the problem. You can't trust the local machine, the net connection or the ssh client. There's a reason we don't ask people to bring laptops to key signing. -- Muli Ben-Yehuda http://www.mulix.org http://www.livejournal.com/~mulix/
pgp00000.pgp
Description: PGP signature
