[7782] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (Bill Frantz)
Thu Sep 7 11:38:56 2000
Message-Id: <v03110748b5dce95d7933@[199.174.203.187]>
In-Reply-To: <3.0.6.32.20000903090136.009756c0@pop.sprynet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 6 Sep 2000 23:48:15 -0700
To: David Honig <honig@sprynet.com>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: cryptography@c2.net
At 9:01 AM -0700 9/3/00, David Honig wrote:
>I didn't make myself clear. I meant that PGP is perfectly useful
>*without any keyservers*. I am in *favor* of people not publishing
>their keys, except maybe if you were a business and *wanted* cold-calls
>[1]. Sort of like a front-office line and a private back line.
>
>[1] or access and ownership of the keyserver were limited (think corporate
>online phone directory)
I can think of one time I was very glad my public key was up on a key server.
I had a freshly installed PGP on a machine at work, and I had some
confidential information I needed to send to myself at home. I downloaded
my public key from the key server, and was faced with the need to verify
it. I looked thru my pockets, and no key fingerprint. (I really need new
business cards.) But I did find one of Carl Ellison's cards with his key's
fingerprint. Since he had signed my key, the trust equation was, "Do I
trust Carl to introduce me to myself." Having decided that Carl was indeed
trustworthy in these circumstances, I proceeded to use the key.
<Grin> - Bill
-------------------------------------------------------------------------
Bill Frantz | Microsoft Outlook, the | Periwinkle -- Consulting
(408)356-8506 | hacker's path to your | 16345 Englewood Ave.
frantz@netcom.com | hard disk. | Los Gatos, CA 95032, USA
