[JDEV] PGP / Public Key retrieval
Peter Millard
peter at vantek-corp.com
Tue Oct 10 10:43:49 CDT 2000
I've already looked at dealing w/ PGP inside of Winjab and have thought
about this and discussed it at some length w/ jer + others..
The big IMPORTANT thing about passing key's around is "authenticity" of the
actual key. This is the entire reason that key servers exist... so that just
'anyone' can't send you a public key since you have no way of "knowing" that
the other "end" of the Jabber connection isn't a hacker/spoofer/etc..
The Public key servers are "trusted authorities" so that we both trust the
server, thus, we can "safely" exchange public keys with it.
IMO, the ONLY way that a Jabber client should fetch keys is by doing it
through an existing public key server.. or force the user to use the PGP/GPG
key utilities to find the key first, and just use the existing key ring.
Temas - am I on the right track here?? :) We talked about this @ OSS and
this is what I remember from that discussion.
Peter Millard
More information about the JDev
mailing list