El lunes, 1 dici, 2003, a las 18:10 Europe/Madrid, Lars Eilebrecht escribió:
According to Santiago Gala:
For those able to receive/send SMS (text messages), they can be used to
send or receive key fingerprints, in a very effective and safe back
channel for identity validation.
Err, I wouldn't call SMS (or GSM) a 'safe' communication media.
Sorry, I tend to be imprecise. 'Safe' here was meant in the sense of identity cross reference, i.e. resilient to impersonation. (In my example, fingerprints are public info, so no confidentiality is actually needed)
The idea it that if a person is using a phone number that appears in telephone directories as Santiago's to answer a challenge (send me your key fingerprint by SMS...) in a timely manner, it reinforces trust in this person identity as Santiago when taken in addition to email.
Not in crypto terms. I tend to be imprecise, sorry.
[...]I'm beginning to sign all my mails, since security is becoming a key
issue for all Open Source, and signing of communications/releases seems
to be crucial.
BTW, you may want to cross-sign your two PGP keys. The one you used to sign your message is not the one you gave to people at ApacheCon for signing.
They are cross signed, I forgot to upload the signed version. Thanks for the reminder.
Regards,
Santiago--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
