On Sun, 2008-06-01 at 10:35 -0430, Patrick O'Callaghan wrote: > On Sun, 2008-06-01 at 17:12 +0930, Tim wrote: > > > Simply put, one could create a keylist, publish it someplace secure > > > with limited access and limited time availability, communicate to > > the > > > designated individual where and when, and the designated individual > > > could use something like VPN to pick up the encrypted key list. The > > > key to break that key list could be given over the phone. The > > result > > > would certainly minimize exposure of the keys. > > > > I'm not sure that exposure of keys is a problem (so long as keys are > > strong). I'd be unconcerned about exposure of uncrackable keys if > > keys > > and key IDs were used, with no way to harvest email addresses from > > them. > > i.e. If keys didn't contain addresses, just unique IDs. > > The whole crux of the problem isn't exposing the (public) keys, it's > reliably associating a public key with an identity. > >From the last two posts, I gather that the encryption comment was specifically directed toward the PGP signatures... DUUHHH! I should have read the subject. I was responding in regards to encryption for security purposes. Please disregard my previous post. Regards, Les H -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
