5 Nov
2003
5 Nov
'03
8:51 p.m.
On Wed, Nov 05, 2003 at 01:34:44PM -0500, Erik Enge wrote:
<dan`b> kire: the interesting question to the end-user is "did this package come from someone with a cl.net account"
Right on the mark.
<dan`b> so, for the cl.net application procedure, you ask people to send you signed mail to apply
<dan`b> and you send the inital username/password etc details encrypted to that same key
<dan`b> then you know that the cl.net user is the owner of the gpg key, and you can sign the key in question
Minimal complication to procedure, fair inscrease in security. Good trade. ;)
What do you guys think? Personally, I'm all for it.
So am I.
Cheers,
-- Nikodemus