[messaging] The Simple Thing

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 3 10:30:45 PDT 2014


On 10/03/2014 01:21 PM, Ben Laurie wrote:
> On 3 October 2014 17:49, Tao Effect <contact at taoeffect.com> wrote:
>> On Oct 3, 2014, at 2:13 AM, Ben Laurie <ben at links.org> wrote:
>> Software holding the key monitors the log(s) for key changes.
>>
>> What software would that be (Apache? GPG?)?
> 
> I can't answer that - it depends what system we're talking about, and
> AFAICS we're not yet talking about a specific system, just an idea - but
> the idea is that whatever software holds keys for users also monitors logs
> on their behalf.

When i hear "holds keys", i usually think of holding the secret key
material.  But when i think of the monitor, i see no reason why a
monitor needs access to the secret key material.

The monitor would want to know the public key material i want associated
with a particular identity (so it doesn't alert me falsely about my own
key), but that's it.

For example, I could set up my home server (which doesn't have access to
my secret key material for messaging purposes) to monitor for anyone
claiming that my messaging identity is bound to a different key.

These clarifications are probably obvious, but i think it's worth making
them explicit.

Regards,

	--dkg
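
An added example, not part of the original message or of any system named in the thread: a minimal monitor of the kind described above, configured only with the public-key fingerprints the owner expects for an identity and alerting when a log entry binds that identity to a different key. The JSON log-entry format, the SHA-256 fingerprint, the case-insensitive identity match and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import json

def fingerprint(public_key_bytes: bytes) -> str:
    """Fingerprint computed from public key material only (SHA-256 is an assumption)."""
    return hashlib.sha256(public_key_bytes).hexdigest()

def normalize_fp(fp: str) -> str:
    """Ignore spacing and case so the owner's own key never triggers a false alert."""
    return "".join(fp.split()).lower()

class Monitor:
    """Watches a key log on a user's behalf; holds no secret key material."""

    def __init__(self, watched):
        # watched: identity -> fingerprints the owner wants bound to that identity
        self.watched = {ident.lower(): {normalize_fp(f) for f in fps}
                        for ident, fps in watched.items()}
        self.next_index = 0  # checkpoint: first log index not yet examined

    def scan(self, log_lines):
        """Return (index, identity, fingerprint) for new entries with an unexpected key."""
        alerts = []
        for line in log_lines:
            entry = json.loads(line)
            if entry["index"] < self.next_index:
                continue  # already examined on an earlier scan
            self.next_index = entry["index"] + 1
            expected = self.watched.get(entry["identity"].lower())
            if expected is not None and normalize_fp(entry["fingerprint"]) not in expected:
                alerts.append((entry["index"], entry["identity"], entry["fingerprint"]))
        return alerts

# Constructed sample data: two stand-in public keys and a four-entry log.
MY_PUBLIC_KEY = b"constructed-public-key-bytes-for-alice"
OTHER_PUBLIC_KEY = b"constructed-public-key-bytes-someone-else"
SAMPLE_LOG = [json.dumps({"index": i, "identity": ident, "fingerprint": fp})
              for i, (ident, fp) in enumerate([
                  ("alice@example.org", fingerprint(MY_PUBLIC_KEY)),
                  ("bob@example.org", fingerprint(OTHER_PUBLIC_KEY)),
                  ("Alice@Example.org", fingerprint(OTHER_PUBLIC_KEY)),  # conflicting binding
                  ("alice@example.org", fingerprint(MY_PUBLIC_KEY).upper()),
              ])]

def demo():
    monitor = Monitor({"alice@example.org": [fingerprint(MY_PUBLIC_KEY)]})
    return monitor.scan(SAMPLE_LOG), monitor.scan(SAMPLE_LOG)  # second scan finds nothing new

if __name__ == "__main__":
    for result in demo():
        print(result)
```

This sketch only compares bindings; it does not check that the log itself is append-only or consistent between scans.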
