www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Santiago Gala <sg...@hisitech.com>
Subject Re: establish a trust relationship (Re: missing signatures)
Date Sun, 07 Dec 2003 23:03:12 GMT

El lunes, 1 dici, 2003, a las 18:10 Europe/Madrid, Lars Eilebrecht 
escribió:

> According to Santiago Gala:
>
>> For those able to receive/send SMS (text messages), they can be used 
>> to
>> send or receive key fingerprints, in a very effective and safe back
>> channel for identity validation.
>
> Err, I wouldn't call SMS (or GSM) a 'safe' communication media.
>

Sorry, I tend to be imprecise. 'Safe' here was meant in the sense of 
identity cross reference, i.e. resilient to impersonation. (In my 
example, fingerprints are public info, so no confidentiality is 
actually needed)

The idea it that if a person is using a phone number that appears in 
telephone directories as Santiago's to answer a challenge (send me your 
key fingerprint by SMS...) in a timely manner, it reinforces trust in 
this person identity as Santiago when taken in addition to email.

Not in crypto terms. I tend to be imprecise, sorry.

> [...]
>> I'm beginning to sign all my mails, since security is becoming a key
>> issue for all Open Source, and signing of communications/releases 
>> seems
>> to be crucial.
>
> BTW, you may want to cross-sign your two PGP keys. The one you
> used to sign your message is not the one you gave to people at
> ApacheCon for signing.
>

They are cross signed, I forgot to upload the signed version. Thanks 
for the reminder.

Regards,
     Santiago

---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Mime
View raw message