[unisog] Machine readable version of Notification
bruce at netpd.com
Tue Nov 13 19:03:59 GMT 2001
Sorry, I should have elaborated on that paragraph. We will create one
key for each role at NetPD. So for example we will create a key for
'sony-notifications at netpd.com'. Other clients will have their own keys
assigned. This should result in less than 20 keys at this time.
We will place the public keys on our website so that you can verify the
integrity of our email.
Thank you for your input.
Tim O'Connor wrote:
>On Tue, Nov 13, 2001 at 05:44:32PM +0000, Bruce Ward wrote:
>>By the way, we have decided to implement a GPG signature on
>>our notifications. . A GPG key will be issued for the role
>>'Client-Notifications' with a separate key created for each
>>client. The signature should begin appearing on outgoing
>>messages from '*-notifications at netpd.com' later this week.
>If you don't mind someone chiming in on this ... this is kind of
>the opposite of how you typically use a public key.
>The idea is for you to own ONE key (or perhaps a couple) associated
>with your organization (and, ideally, signed by one or more well-known
>people who vouch for its authenticity, though I don't know how that
>would work in your case), and then use the single well-known key (which
>all recipients would, ideally, recognize) to sign all your official mail.
>Having unique keys made by you for each recipient is mind-bogglingly
>complicated to manage and would not scale well.
>Perhaps you're confusing it with the collection of unique keys from
>the people with whom you exchange mail? In THAT case you would have
>lots of keys, each associated with the place to which you are writing.
>But you wouldn't issue them; rather, you'd collect keys from people
>out there, or from a key server. Though you don't need each person's
>key if all you're doing is sending out signed mail; instead, the
>recipient would need to have a copy of your key.
>Just my 2 cents....
More information about the unisog