[JDEV] PGP / Public Key retrieval

Erisson erisson at mail.kaosklan.net
Mon Oct 9 15:05:19 CDT 2000 

Good point. The cynic in me says that the user who doesn't want to 
bother learning how the system works is fooling themselves if they
think it's making it more secure.

Perhaps default to storing a key in the vCard, but allow a knowledgable
user to switch to storing the key id in the vCard, and let the client
fetch it from a keyserver? I'd hate to see people having to fetch that
60k key every time they forgot that user's telephone extension. 

Comments, problems with that aproach?
Peter

On Mon, Oct 09, 2000 at 01:33:20PM -0600, Tim McCune wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Importing the key from an external key server is nice, but it does
> require the user to already have a key there, unless your Jabber
> client is going to check to see if the user has a key there, and if
> he doesn't, it will register it for him automatically.  I have found
> in the past that key management is something that most users don't
> understand and don't really want to understand.  That's why I wanted
> to ensure that it was all very transparent in Imjay.  In earlier
> versions, it wasn't, and you wouldn't believe all of the complaining
> that went on in my early user tests because of that.
> 
> - -----Original Message-----
> From: Erisson [mailto:erisson at mail.kaosklan.net]
>  
> KIM also searches for JID based on email. Not sure if it'll import
> from
> a key server or not. But it seems to me that this would be the best
> way to make use of the infrastructure that already exists. Another
> possibility, which is a bit of a hybrid, is to store the key ID, or
> maybe fingerprint in the vCard as a hint, and fetch it from a key
> server to actually get it. The reason I throw this out there is that
> sometimes e-mail and jabber ids don't match, and adding a new userid
> to a preexisting key isn't necessarily the best fix, but storing the
> key 
> in the vCard could get expensive when, like one of the guys who
> signed 
> my key, your key is ~60k.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBOeIcxtUPOr8a7vy5EQJoPQCdHmfIaj7aZJeG/pseKjScS+po4twAnAzJ
> gV1+wTGKRpGAKM9jZG/+C8ei
> =Al7N
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list