Signed headers (was Re: Evolution signatures)
Thomas Sjögren
thomas@northernsecurity.net
Wed Aug 6 23:41:01 2003
--SkvwRMAIpAhPCcCJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Aug 06, 2003 at 04:09:54PM -0400, darren chamberlain wrote:
> This seems to imply that the host's keys would exist in the WoT -- but
> how (why?) would you sign a host's key, as opposed to a persons key?
> It's trivial for a sysadmin to replace one host's key with another.
I'm only using the key servers for distribution of the host-id key, not
implying that the host-ID key is available for public signing (and thus
not interesting in a WoT).
What we need is to create a link between the person and the host, maybe
include the host-ID in the persons public key?
For example:
pub 1024D/114AA85C 2003-04-14 Thomas Sjogren <email>
hid <host fingerprint> <date>=20
=2E..
/Thomas
--=20
=3D=3D thomas@northernsecurity.net | thomas@se.linux.org
=3D=3D 3367 0D84 444B D5B6 980E 7D5D 1209 639D 114A A85C
--
--SkvwRMAIpAhPCcCJ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/MXYgEgljnRFKqFwRAk7LAKCw4l6yfpeawPhjvNz0YHCErXS38wCgkqY/
wj6SzPaz1qVpUsrhj1XLgaI=
=mtQD
-----END PGP SIGNATURE-----
--SkvwRMAIpAhPCcCJ--