[67079] in North American Network Operators' Group
Re: What happened to dot pro... (BTW)
daemon@ATHENA.MIT.EDU (Bradley Dunn)
Sun Feb 1 23:06:02 2004
Date: Sun, 01 Feb 2004 20:05:14 -0800
From: Bradley Dunn <bradley@dunn.org>
To: John R Levine <johnl@iecc.com>
Cc: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.BSI.4.56.0402012147400.17981@tom.iecc.com>
Errors-To: owner-nanog-outgoing@merit.edu
John R Levine wrote:
> A PGP or S/MIME signature assures you that the mail definitely came from
> the address it purports to come from, but it doesn't tell you whether that
> person is who you think it is. That's where limited access domains can
> help.
No, actually a PGP signature assures you that a particular private key
was used to sign a message. It doesn't tell you whether that key belongs
to who you think it does. Thus you would verify the key fingerprint via
an out-of-band method (phone, in person, business card). I don't see how
a limited access domain helps in binding keys to people, unless the
registrars are going to start acting as CAs as well. Anyone can create a
PGP key with trustme@fubar.cpa.pro as an associated email address.
Bradley
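
The fingerprint check described in the message above, as an added example that is not part of the original post: it computes OpenPGP v4 fingerprints (RFC 4880, section 12.2) for two keys published under the same address and accepts only the one matching a fingerprint obtained out of band. The key material is constructed stand-in data, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

UID = "trustme@fubar.cpa.pro"  # address from the message; anyone can claim it


def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def public_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 RSA public-key packet body (RFC 4880, 5.5.2). No user ID inside."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, 2-byte body length, body (RFC 4880, 12.2)."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def matches_out_of_band(body: bytes, fingerprint_from_card: str) -> bool:
    """Compare a received key against a fingerprint obtained out of band."""
    expected = "".join(fingerprint_from_card.split()).upper()
    return hmac.compare_digest(v4_fingerprint(body), expected)


def as_printed(fpr: str) -> str:
    """Group a fingerprint in blocks of four, as on a business card."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


# Constructed stand-ins for two RSA keys (not real moduli). Both are published
# with the same user ID, which is a separate packet and not part of the hash.
GENUINE = public_key_body(1075694714, (1 << 2047) + 0x1234567, 65537)
LOOKALIKE = public_key_body(1075694714, (1 << 2047) + 0x7654321, 65537)
CARD = as_printed(v4_fingerprint(GENUINE))  # what the real owner reads out

if __name__ == "__main__":
    for name, body in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        verdict = "accept" if matches_out_of_band(body, CARD) else "reject"
        print(f"{UID:<22} {name:<10} {v4_fingerprint(body)} {verdict}")
```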