True, centralized institutions are efficient, but that kind of defeats the purpose. You shouldn't accept someone's key without trusting them, which means you should get it from them over a channel by which you know it was not altered. That means a digital signing scheme which pre-supposes having their key.
Here is the way it's supposed to work -- you get someone's key personally (on a diskette, or whatever) or it is transmitted to you and signed by someone you already know or trust. Kind of a six degrees type deal. This creates a "web of trust". If I remember, in PGP, you can specify the level to which you trust a key, which means some keys can be trusted enough to authenticate other keys.
Hmmm, maybe six-degrees should be the one managing PGP keys... What'dya think?
You know, as a Canadian in the business of Cryptography, it's a lot better if we can sell to international customers and you guys can't. After all, your cryptographic software is *so* much more advanced than ours...:) HA ha!
Slashdot Mirror
True, centralized institutions are efficient, but that kind of defeats the purpose. You shouldn't accept someone's key without trusting them, which means you should get it from them over a channel by which you know it was not altered. That means a digital signing scheme which pre-supposes having their key.
Here is the way it's supposed to work -- you get someone's key personally (on a diskette, or whatever) or it is transmitted to you and signed by someone you already know or trust. Kind of a six degrees type deal. This creates a "web of trust". If I remember, in PGP, you can specify the level to which you trust a key, which means some keys can be trusted enough to authenticate other keys.
Hmmm, maybe six-degrees should be the one managing PGP keys... What'dya think?
You know, as a Canadian in the business of Cryptography, it's a lot better if we can sell to international customers and you guys can't. After all, your cryptographic software is *so* much more advanced than ours... :) HA ha!
Just jokin' - we support this bill, trust me.