11 Nov
2003
11 Nov
'03
1:06 p.m.
Marco Baringer <mb@bese.it> writes:
ok, so this "guarntees" that the key belongs to whevere has access to that account (which is good), but how do you get people to trust common-lisp.net's key? am i missing something simple?
I'm guessing that when you send me your public key to register for a project and I reply with your password in an encrypted email (signed with the common-lisp.net key), you import the common-lisp.net key and sign it and then use it to verify the keyring whenever you need to. Does that sound like a plan? We should also publish it's fingerprint on the website. Erik.