In <>, on 03/10/98 at 01:15 PM, Jack Repenning <jackr@xxxxxxxxxxxx> said:

>I'm not sure this addresses the use Hal had in mind. An implication of
>allowing an attribute packet "wherever a userid packet may be" is that it
>can be signed by another party. I imagine the UI he has in mind would
>allow this other party to add the attribute, rather than (or, "in
>addition to") the key owner doing so. The end goal is (I think) the
>ability to express the meaning of your signature ... "I certify this key
>for business purposes, but I wouldn't trust this blighter with the
>personal secrets of a snail."

>You might do this with additional UserIDs, but only if you allow them to
>be added by non-owners (a capability recently retracted by PGPInc
>implementations); you also would have some conflict over whether to match
>values in the attributes when searching for a key.

>At least, I think that's the sort of thing he was getting at. Perhaps a
>bit more info about intended use, and structure of the packet to support
>it, would be in order.

I'm not sure I like this at all.

It is one thing to allow 3rd parties to attach their verification of the userID of a key. It is quite another thing to allow them to add any information they wanted to. There are quite a few nasty and malicious people out there and I for one would not support letting them have the ability to add extra information of any kind to my public keys.

The more I think about this the less I like it. Seems to be opening a real can of worms.

--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html
---------------------------------------------------------------

Tag-O-Matic: You said Windows was a Power Tool???