> Associated with what? With my key? With the keyserver?

The email address you used when requesting peers. The email address which I will associate with the keyserver you claim to operate when you confirm for me that you have physical access to the private key corresponding to public key 0x5BB9A53D.

c...@pki:~$ grep 5BB9A53D /etc/sks/membership
#keyserver.pki.scientia.net 11370#ChrisMitterer<cales...@scientia.net>0x5BB9A53D

> Please tell me once you've got that, so that I can delete it.

Sorry I failed to confirm receipt previously. Please consider my initial response an indication of receipt and review of the document.

Please sign a message using the private key associated with 0x5BB9A53D. I will then remove the comment character from keyserver.colliertech.org's /etc/sks/membership file and re-start the server.

Something like the following would be more than adequate ;)

$ echo "
I <your name> do hereby swear under penalty of perjury that I own and
have exclusive access to the private key corresponding with the public
key ending in <your pgp id>
" | \
  gpg --digest-algo sha256 --clearsign

> The necessary root-CAs are available from the International Grid Trust
> Federation (www.igtf.net)

Thank you. I will review their CPS and make a decision regarding trust at a later time. I am more hesitant to add CAs to my trust root than I am to trust the ones shipped with NSS. It is unlikely that I will trust this CA until it is included in the NSS pool.

http://www.mozilla.org/projects/security/certs/pending/

Cheers,

C.J.

On Sun, 2010-08-22 at 21:15 +0200, Christoph Anton Mitterer wrote:
> On Sun, 2010-08-22 at 08:13 -0700, C.J. Adams-Collier KF7BMP wrote:
> > > If I'm not missing something substantially (and I don't think so) there
> > > is really nothing which you'd gain from this anyway.
> > > If I send you some encrypted challenge or vice versa, you have neither a
> > > proof that I'm actually "Christoph Anton Mitterer" but only that the
> > > owner of that key has access to that email address (which an attacker
> > > can have easily too, via MiM-attacks).
> >
> > Yes, it would be a weak indication, but it is more indication than
> > just that you own the associated email.
> Associated with what? With my key? With the keyserver?
>
> > The only thing I intended to suggest with this link is that these are
> > the standards by which the state requires me to operate.
> As it was already pointed out here, this likely doesn't apply to a
> keyserver.
> A keyserver is not a certificate authority,... nor a registration
> authority.
> It's just a service holding any keys. These keys can be valid (in the
> sense of "good") or forged (e.g. I could upload a key with "Linus
> Torvalds").
>
>
> > Please accept my sincere apology. I did not mean to offend. I have
> > never received a refusal to sign a message indicating ownership of a
> > private key and it raised a red flag.
> Well it's ok,... but you really should understand, that this is
> completely pointless, especially when one wants to make a connection
> between a key, and the owner/operator of a keyserver.
>
> What people (sometimes) do is: making such challenges, after (or in
> addition) to personal meetings, where they've exchanged fingerprints,
> and identity documents (like passport).
> Then it's used as a (very limited) proof, that someone has control over
> an email-address.
>
>
> Cheers,
> Chris.
>
--- Begin Message ---
Hi.

On Mon, 2010-06-21 at 16:03 -0700, C.J. Adams-Collier wrote:
> You should be able to put the following in your /etc/sks/membership
> file:
>
> keyserver.colliertech.org 11370

Done.

Please add mine for those servers at:
keyserver.pki.scientia.net 11370

Cheers,
Chris.
--- End Message ---
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel
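
Added example, not part of the thread and not SKS or GnuPG project code: one way the recipient of the clearsigned statement requested above could check that it was made by the expected key, by reading gpg's machine-readable status lines instead of accepting any good signature from the keyring. The function names are hypothetical and the 40-digit fingerprint in sample_status is a constructed placeholder; only the key ID 5BB9A53D comes from the messages.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# signer_matches EXPECTED  (reads `gpg --status-fd 1 --verify` output on stdin)
# EXPECTED: full fingerprint or key ID, optional 0x prefix, at least 8 hex digits.
# An 8-digit ID is what the thread uses; short IDs can collide, so pass the
# full fingerprint when it is known.
# Succeeds only if a VALIDSIG line names that key and no failure status appears.
signer_matches() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    want=${want#0[xX]}
    case $want in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -ge 8 ] || return 2
    awk -v want="$want" '
        function ends(s,   n) {
            n = length(want)
            return length(s) >= n && substr(toupper(s), length(s) - n + 1) == want
        }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # $3 is the signing (sub)key fingerprint, the last field the primary key
        $2 == "VALIDSIG" && (ends($3) || ends($NF)) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_statement FILE EXPECTED: run gpg on a clearsigned file, apply the check.
verify_statement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | signer_matches "$2"
}

# Constructed status output for a SHA256 clearsigned text; the fingerprint is a
# placeholder built around the key ID from the thread, not a real key.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 000000005BB9A53D Constructed User <user@example.org>
[GNUPG:] VALIDSIG 000000000000000000000000000000005BB9A53D 2010-08-22 1282504500 0 4 0 1 8 01 000000000000000000000000000000005BB9A53D
EOF
}

if sample_status | signer_matches 0x5BB9A53D; then
    echo "statement was signed by the expected key"
fi
```

On a real reply the call would be verify_statement statement.asc 0x5BB9A53D, with the file name being whatever the signed text was saved as.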