[43384] in Cypherpunks
Re: Good Enough?
daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Nov 14 16:35:18 1995
To: Kevin L Prigge <klp@gold.tc.umn.edu>
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Tue, 14 Nov 1995 14:13:54 CST."
<30a8f8836ed1002@noc.cis.umn.edu>
Date: Tue, 14 Nov 1995 16:24:32 EST
From: Derek Atkins <warlord@MIT.EDU>
Hi.
First, I must warn you that generating keys on behalf of users is in
general a very bad thing to do. Instead, you might want to provide a
simple way for users to generate keys and get them certified. The
biggest problem is that there is not an easy way to get a good set of
random numbers on a server platform. On the other hand, users can get
a great deal of randomness on their own client machines. If they can
run netscape, then they can run PGP.
Second, you might want to look at a paper that Jeff Schiller and I
wrote for the 1995 Usenix conference on scaling the web of trust.
The paper is available off my home page or via ftp:
toxicwaste.mit.edu:/pub/pgpsign/scaleweb.{txt,PS}
The sources to the keysigner are also in the same directory.
Hope this helps.
-derek
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU PP-ASEL N1NWH PGP key available
