perhaps getting off-topic (Re: OpenPGP auth)
sen_ml at eccosys.com
Thu Aug 3 13:06:10 EST 2000
From: Pete Chown <Pete.Chown at skygate.co.uk>
Subject: Re: OpenPGP auth
Date: Wed, 2 Aug 2000 15:42:37 +0100
Message-ID: <20000802154237.B13181 at hyena.skygate.co.uk>

> sen_ml at eccosys.com wrote:
>
> > if i dug enough, i could also find a later post from [Werner Koch]
> > saying that it would be really nice to have an openpgp packet
> > manipulation library too ;-)
>
> Yes -- there have been a few posts along these lines on the gnupg
> lists over the last week or so. I got this wrong; sorry.

no worries ;-)

> My motivation is not really to let people use the same keys for
> everything, although that might be useful in some circumstances.

i agree that it would be useful under certain circumstances -- in
combination w/ some sort of general agent mechanism (which allows
selective decryption of keys, for instance), i would be fairly happy.

> What I think is neat about OpenPGP auth is that it makes access
> control more flexible. You could, for example, grant access to
> systems just by signing a key. If you wanted to withdraw access again
> you could revoke the signature. I will be fascinated to see how well
> this works in practice.

for reference, if you have not already done so, i would suggest that
you have a look at the "now expired" [1] pgp ticket draft.

there's something relevant pointed at by:

http://noc.rutgers.edu/~mione/ietf/pgptick/

[1] last i checked it had expired anyway

More information about the openssh-unix-dev mailing list