Re: [Debconf-discuss] Call for keys for keysigning in Edinburgh during DebConf7

To: "Giacomo A. Catenazzi" <cate@debian.org>
Cc: debconf-discuss@lists.debconf.org
Subject: Re: [Debconf-discuss] Call for keys for keysigning in Edinburgh during DebConf7
From: Wouter Verhelst <wouter@debian.org>
Date: Sun, 3 Jun 2007 11:49:16 +0200
Message-id: <[🔎] 20070603094916.GA5222@grep.be>
In-reply-to: <465EEEFA.6090304@debian.org>
References: <874pmm977d.fsf@glaurung.internal.golden-gryphon.com> <20070521130131.GA22548@zoy.org> <874pm5ep7a.fsf@glaurung.internal.golden-gryphon.com> <20070522161904.GH22548@zoy.org> <20070522192409.GP8659@kheops.homeunix.org> <4654107A.9050503@hands.com> <20070530234813.GA19644@grep.be> <87wsyprqek.fsf@glaurung.internal.golden-gryphon.com> <20070531151317.GA10931@piper.oerlikon.madduck.net> <465EEEFA.6090304@debian.org>

On Thu, May 31, 2007 at 05:51:22PM +0200, Giacomo A. Catenazzi wrote:
> I really see few people that check identity AND the email (people tend
> to sign all key-identity of a key).

That's wrong.

> How to do this check in a reliable and completely secure way?
> (I think that a man on the middle attack is always possible).

Send an encrypted mail to the email address that contains the signature
*for that address only*. The 'caff' script in the signing-party package
will automate this for you.

-- 
Shaw's Principle:
	Build a system that even a fool can use, and only a fool will
	want to use it.

Reply to:

Prev by Date: Re: [Debconf-discuss] What to bring to hostels
Next by Date: [Debconf-discuss] Agenda?
Previous by thread: Re: [Debconf-discuss] What to bring to hostels
Next by thread: [Debconf-discuss] Agenda?
Index(es):
- Date
- Thread