
Re: Signing Packages.gz

On Sun, Apr 02, 2000 at 02:46:30PM +1000, Anthony Towns wrote:
> PGP (v2.x, I'm not up to date with the recent OpenPGP stuff), generates a
> secret (albeit symmetric, rather than public/private keypair) IDEA key
> every time you try to encrypt a message. It encrypts the message with this
> key, then encrypts the key with the recipient's public key, and (and here's
> the bit I was referring to) *sends that secret IDEA key across the net*.

But you might emphasize that this secret key is used exactly once, just
for this message. Intercepting it won't allow you to sign other stuff as
someone else.
So equating the sending of this kind of secret key and leaving your
private key on a server is comparing apples and oranges.

The idea is that the first face shown to people is one they can readily
accept - a more traditional logo. The lunacy element is only revealed
subsequently, via the LunaDude. [excerpted from the Lunatech Identity Manual]
