On Wed, 24 Sep 2003, Joshua Slive wrote: > A chain of trust can have more than one link. Assuming there is someone > in Japan who has once been to a country with an ASF member, geography need > not be a barrier.
Eh, there are many other reasonable ways to establish a chain of trust than a personal meeting. In some contexts they might even be superior. Some combination of the following would be as hard to attack as pretending to be someone else in a personal meeting: I mostly know you as the guy who sends mail from [EMAIL PROTECTED] You send me your key signature from that address; I respond with a token and you send the token back. Maybe afterwards I wait a month or two and follow your use of that email address. If you keep sending useful patches to similar things as you've done in the past, that's a good indication. We have postal addresses of ASF members on file. Tokens and key signatures can be sent back and forth via postal mail. Likewise for telephone numbers; figuring out a time to make two calls across the world should be feasible. Some people include their key signature in all their mails. - ask -- http://www.askbjoernhansen.com/ - http://develooper.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
