Thanks for the response! I'm glad you have similar interests in this.
I have some responses inline:
On Sat, Dec 8, 2012 at 11:45 PM, elijah eli...@riseup.net wrote:
If I read correctly, a few of your main points are:
(1) We need well defined and expanded trust metrics
(2) Everything would be
On Wed, 5 Dec 2012 23:15, pa...@cs.ucsb.edu said:
And of course the last issue is finding a sane way for user's to store
and use private keys. Hence the PSST project and the eventual idea of
PSST? That used to be the working title for a free implementation of
ssh back in 1997. iirc, I sent
Werner Koch:
On Wed, 5 Dec 2012 23:15, pa...@cs.ucsb.edu said:
And of course the last issue is finding a sane way for user's to store
and use private keys. Hence the PSST project and the eventual idea of
PSST? That used to be the working title for a free implementation of
ssh back in
On 5 December 2012 23:15, Patrick Baxter pa...@cs.ucsb.edu wrote:
On Tue, Dec 4, 2012 at 5:29 AM, Melvin Carvalho
melvincarva...@gmail.com wrote:
Not sure I've grokked everything in this thread, but some thoughts.
I'm working on the TL;DR version :).
Tying a key to a 'domain' (aka
On 12/06/2012 05:40 AM, Melvin Carvalho wrote:
Yes, in theory I could add an SSL cert to my homepage, though I havent
paid for one yes.
You can get a free one at https://www.startssl.com/
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On Tue, Dec 4, 2012 at 5:29 AM, Melvin Carvalho
melvincarva...@gmail.com wrote:
Not sure I've grokked everything in this thread, but some thoughts.
I'm working on the TL;DR version :).
Tying a key to a 'domain' (aka URI) is something that can be done already
using linked data.
I do so on
Hi Patrick,
Have you seen EFF's Sovereign Keys project? It attempts to establish a
distributed single-mapping database of cert - domain.
Also see the schemes in https://en.bitcoin.it/wiki/BIP_0015, altough they
create new handles rather than try to capture existing ones.
Yup, Sovereign Keys is awesome. I hadn't looked it up since thinking
more about the importance of having a single mapping but on a quick
re-read I understand it as follows:
Sovereign keys has a very strict requirement for changing this mapping
as domain names should. ie. Only a key revocation can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi all,
I have a couple research ideas dealing with Authentication and the WOT. I'm
looking for any criticism, opinions, or thoughts on my current directions.
Mostly, I want to make sure I'm not barking at the wrong problems or that there
are not