sks-devel

Re: [Sks-devel] new keyserver online


From: C.J. Adams-Collier KF7BMP
Subject: Re: [Sks-devel] new keyserver online
Date: Sun, 22 Aug 2010 12:56:01 -0700

> Associated with what? With my key? With the keyserver?
The email address you used when requesting peers.  The email address which I will associate with the keyserver you claim to operate when you confirm for me that you have physical access to the private key corresponding to public key 0x5BB9A53D.
address@hidden:~$ grep 5BB9A53D /etc/sks/membership 
#keyserver.pki.scientia.net 11370#ChrisMitterer<address@hidden>0x5BB9A53D
Please tell me once you've got that, so that I can delete it.
Sorry I failed to confirm receipt previously.  Please consider my initial response an indication of receipt and review of the document.

Please sign a message using the private key associated with 0x5BB9A53D.  I will then remove the comment character from keyserver.colliertech.org's /etc/sks/membership file and re-start the server.  Something like the following would be more than adequate ;)

$ echo "
I <your name> do hereby swear under penalty of perjury
that I own and have exclusive access to the private key
corresponding with the public key ending in <your pgp id>
" | \
gpg --digest-algo sha256 --clearsign

> The necessary root-CAs are available from the International Grid Trust
> Federation (www.igtf.net)

Thank you.  I will review their CPS and make a decision regarding trust at a later time.  I am more hesitant to add CAs to my trust root than I am to trust the ones shipped with NSS.  It is unlikely that I will trust this CA until it is included in the NSS pool.

http://www.mozilla.org/projects/security/certs/pending/

Cheers,

C.J.

On Sun, 2010-08-22 at 21:15 +0200, Christoph Anton Mitterer wrote:
> On Sun, 2010-08-22 at 08:13 -0700, C.J. Adams-Collier KF7BMP wrote:
> > > If I'm not missing something substantially (and I don't think so) there
> > > is really nothing which you'd gain from this anyway.
> > > If I send you some encrypted challenge or vice versa, you have neither a
> > > proof that I'm actually "Christoph Anton Mitterer" but only that the
> > > owner of that key has access to that email address (which an attacker
> > > can have easily too, via MiM-attacks).
> > 
> > Yes, it would be a weak indication, but it is more indication than
> > just that you own the associated email.
> Associated with what? With my key? With the keyserver?
> 
> 
> > The only thing I intended to suggest with this link is that these are
> > the standards by which the state requires me to operate.
> As it was already pointed out here, this likely doesn't apply to a
> keyserver.
> A keyserver is not a certificate authority,... nor a registration
> authority.
> It's just a service holding any keys. These keys can be valid (in the
> sense of "good") or forged (e.g. I could upload a key with "Linus
> Torvalds").
> 
> 
> > Please accept my sincere apology.  I did not mean to offend.  I have
> > never received a refusal to sign a message indicating ownership of a
> > private key and it raised a red flag.
> Well it's ok,... but you really should understand that this is
> completely pointless, especially when one wants to make a connection
> between a key and the owner/operator of a keyserver.
> 
> What people (sometimes) do is: making such challenges, after (or in
> addition to) personal meetings, where they've exchanged fingerprints
> and identity documents (like passport).
> Then it's used as a (very limited) proof that someone has control over
> an email address.
> 
> 
> Cheers,
> Chris.



--- Begin Message ---
Subject: Re: [Sks-devel] new keyserver online
Date: Sun, 08 Aug 2010 18:39:47 +0200
Hi.

On Mon, 2010-06-21 at 16:03 -0700, C.J. Adams-Collier wrote:
> You should be able to put the following in your /etc/sks/membership
> file:
> 
> keyserver.colliertech.org 11370
Done.


Please add mine for those servers at:
keyserver.pki.scientia.net 11370


Cheers,
Chris.


--- End Message ---
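As an added example (not from the thread or the SKS project), the verifier's side of the exchange C.J. asks for: check that a clearsigned statement really comes from the key 0x5BB9A53D before uncommenting that peer's line in /etc/sks/membership. It assumes a gpg installation with the peer's public key imported; the status lines, fingerprint and membership file below are constructed samples.

```python
"""Verifier side of the clearsign challenge above: parse gpg --status-fd output, accept only
a GOODSIG whose VALIDSIG fingerprint ends in the expected key ID, then enable that peer."""
import subprocess
# Constructed sample of `gpg --status-fd 1 --verify` output for a good signature.
SAMPLE_STATUS = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF5BB9A53D Chris Example <chris@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF5BB9A53D 2010-08-22 1282506961 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF5BB9A53D
"""
# Constructed membership file in the layout the thread shows (peer still commented out).
SAMPLE_MEMBERSHIP = ("keyserver.colliertech.org 11370\n"
                     "#keyserver.pki.scientia.net 11370#ChrisMitterer<address@hidden>0x5BB9A53D\n")

def parse_gpg_status(status_text):
    """GOODSIG = signature verified; VALIDSIG carries the full signing fingerprint;
    BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG/EXPSIG mean the signature must be rejected."""
    verdict = {"good": False, "rejected": False, "fingerprint": None}
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] == "GOODSIG":
            verdict["good"] = True
        elif fields[1] == "VALIDSIG" and len(fields) > 2:
            verdict["fingerprint"] = fields[2].upper()
        elif fields[1] in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "EXPSIG"):
            verdict["rejected"] = True
    return verdict

def signer_matches(verdict, expected):
    """Good, unrejected signature whose fingerprint ends with `expected` (key ID or full
    fingerprint, optional 0x).  Short IDs like 0x5BB9A53D are cheap to collide: prefer the fingerprint."""
    want = expected.upper()
    want = want[2:] if want.startswith("0X") else want
    fpr = verdict["fingerprint"]
    return verdict["good"] and not verdict["rejected"] and fpr is not None and fpr.endswith(want)

def enable_peer(membership_text, host, port):
    """Uncomment the '#host port' line for this peer; return (new_text, changed)."""
    out, changed = [], False
    for line in membership_text.splitlines():
        body = line.lstrip("#").strip()
        if line.startswith("#") and body.split("#")[0].split() == [host, str(port)]:
            line, changed = body, True
        out.append(line)
    return "\n".join(out) + "\n", changed

def verify_file(signed_path):
    """Run gpg on a clearsigned file and return its parsed verdict (needs gpg and the key)."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", signed_path], capture_output=True, text=True)
    return parse_gpg_status(proc.stdout)
```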
