nanog mailing list archives
Re: What happened to dot pro... (BTW)
From: Bradley Dunn <bradley () dunn org>
Date: Sun, 01 Feb 2004 20:05:14 -0800
John R Levine wrote:
A PGP or S/MIME signature assures you that the mail definitely came from the address it purports to come from, but it doesn't tell you whether that person is who you think it is. That's where limited access domains can help.
No actually a PGP signature assures you that a particular private key was used to sign a message. It doesn't tell you whether that key belongs to who you think it does. Thus you would verify the key fingerprint via an out of band method (phone, in person, business card). I don't see how a limited access domain helps in binding keys to people, unless the registrars are going to start acting as CAs as well. Anyone can create a PGP key with trustme () fubar cpa pro as an associated email address.
Bradley
Current thread:
- Re: What happened to dot pro... (BTW) J. Oquendo (Feb 01)
- Re: What happened to dot pro... (BTW) John R Levine (Feb 01)
- Re: What happened to dot pro... (BTW) Valdis . Kletnieks (Feb 01)
- Re: What happened to dot pro... (BTW) Bradley Dunn (Feb 01)
- Re: What happened to dot pro... (BTW) John R Levine (Feb 01)
- Re: What happened to dot pro... (BTW) John R Levine (Feb 01)