On Sat, Apr 01, 2000 at 03:38:29PM +0200, Marcus Brinkmann wrote:
> I could not trust either. The former, because it is stored on a network
> connected machine, the latter because it is transfered over the net (if it
> is shared among the security team). Of course, if the security team use
> their personal key in the latter case, I can trust it.
Are you really sure that no developer stores their key on a net connected
machine?
Also, what's so fundamentally wrong with transferring a secret key over
the net? Hint: PGP does it every time you send an encrypted email.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.
``The thing is: trying to be too generic is EVIL. It's stupid, it
results in slower code, and it results in more bugs.''
-- Linus Torvalds
Attachment:
pgp3VY61mWBb9.pgp
Description: PGP signature