On Thu, May 24, 2007 at 06:14:30PM -0500, Andrew Berg wrote:
> Peter Todd wrote:
> > The *only* thing included in the hash is what is between the START
> > and END bits, that's it, no headers no nothing. I'm not positive,
> > but I belive the MIME based PGP is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, May 24, 2007 at 11:37:09AM -0700, ptr wrote:
>
> Agree with the DNS poisoning, my form would need to be SSL'ed with my private
> certificate.
>
> In terms of educating my recipients - yes, it may be tricky, that is
> probably the weakest poin
On Thu, May 24, 2007 at 10:29:11AM -0700, ptr wrote:
>
> I cannot "force" my recipients to install any PGP software so I was thinking
> about creating signature verification form on my website. If someone wanted
> to check if the email is really from me, he/she could paste the signed email
> part
On Wed, May 16, 2007 at 10:24:51PM -0500, Ryan Malayter wrote:
> On 5/16/07, Peter Todd <[EMAIL PROTECTED]> wrote:
> > Then only that
> > passphrase needs to be securely stored and the secret key can be stored
> > with standard backup procedures.
>
> I belie
On Wed, May 16, 2007 at 03:28:24PM -0400, David Shaw wrote:
> One trick that can be done when paper escrowing OpenPGP keys is to
> only print the part you care about. OpenPGP secret keys are heavily
> padded with non-secret data. In fact, the secret key contains a
> complete copy of the public ke