"Joseph N." wrote:
>
> Carl Ellison wrote in news:[EMAIL PROTECTED]:
>
> > It turns out you can do even better if you label personally held
> > certificates (that you've verified personally) by project or group,
> > so that you can mark some e-mail as being intended for a particular
> > interest group, not for just any of the people whose certificates you
> > happen to hold.
> >
>
> Would you expand on this, please, both in terms of principle and actual
> mechanics for PGP?

Sure. I think of this as a poor man's mandatory access control (MAC).

For example, in PGP, you can have a key for each project whose purpose is to sign the keys of project members. For a work-around, if you give them names starting with "0", they will show up at the top of the PGPKeys list of keys. You can then remove the "trust" from all keys in your keyring except for the one project key that corresponds to the project you're currently working on. (Have you ever seen the X-windows tool, TIMEX? I imagine some such radio button control, eventually, to set trust in the current project but at first you can do it manually with PGPKeys.)

Under that mechanism, you end up with warnings about receiving mail from invalid keys or attempting to encrypt to invalid keys if you deal with mail recipients outside the project you're currently working on.

This could be radically improved, of course, if we had real MAC (or DTE), but as a work-around, it gets around the problem of misdirection of e-mail causing leakage of secrets outside an approved project team.

 - Carl

--
+------------------------------------------------------------------+
|Carl M. Ellison    [EMAIL PROTECTED]    http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342                  |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
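
The per-project trust switch described in the message above, as an added example that is not part of the original post and is not PGP's own code. It is a simplified model in which a key counts as valid only when a currently trusted key has signed it; the key names and the keyring are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Key:
    name: str
    signed_by: set = field(default_factory=set)  # names of keys that certified this one
    trusted: bool = False                        # trusted to introduce other keys?

def build_keyring():
    # Constructed sample keyring: two project signing keys, three correspondents.
    # The leading "0" makes the project keys sort to the top of the list.
    keys = [
        Key("0-Project-Alpha"),
        Key("0-Project-Beta"),
        Key("alice", {"0-Project-Alpha"}),
        Key("bob", {"0-Project-Beta"}),
        Key("carol", {"0-Project-Alpha", "0-Project-Beta"}),
    ]
    return {k.name: k for k in keys}

def set_current_project(keyring, project_key):
    """Remove trust from every key except the one project key."""
    if project_key not in keyring:
        raise KeyError(project_key)
    for key in keyring.values():
        key.trusted = (key.name == project_key)

def is_valid(keyring, name):
    """Valid only if some currently trusted key has signed this key."""
    key = keyring.get(name)
    if key is None:
        return False  # no certificate held at all
    return any(keyring[s].trusted for s in key.signed_by if s in keyring)

def invalid_recipients(keyring, recipients):
    """Recipients that would draw an 'invalid key' warning when encrypting."""
    return [r for r in recipients if not is_valid(keyring, r)]

if __name__ == "__main__":
    ring = build_keyring()
    print(sorted(ring))
    for project in ("0-Project-Alpha", "0-Project-Beta"):
        set_current_project(ring, project)
        flagged = invalid_recipients(ring, ["alice", "bob", "carol"])
        print(project, "-> warn on:", flagged)
```

A correspondent who belongs to both projects stays valid under either setting, while a misaddressed recipient from the other project is flagged before the mail is encrypted.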
