home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
faqs
/
alt
/
answers
/
computer-security
/
keydist-faq
< prev
Wrap
Internet Message Format
|
1997-09-29
|
8KB
Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!c-1996!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!newsfeed.internetmci.com!192.48.96.126!in2.uu.net!ftl.msen.com!conch.msen.com!not-for-mail
From: Michael Bauser <islander@netbox.com>
Newsgroups: alt.security.keydist,demon.security.keys,alt.answers,news.answers
Subject: alt.security.keydist Frequently Asked Questions
Supersedes: <alt-security-keydist-faq_872784002@msen.com>
Followup-To: poster
Date: 28 Sep 1997 12:00:21 -0400
Organization: The alt.security.keydist Preservation Society
Lines: 162
Sender: islander@msen.com
Approved: news-answers-request@MIT.EDU
Message-ID: <alt-security-keydist-faq_875462402@msen.com>
NNTP-Posting-Host: conch.msen.com
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
boundary=PGP-signed-message-8924; micalg=pgp-md5
Summary: This article explains how to distribute public encryption
keys through the newsgroup alt.security.keydist
Article-Names: alt.security.keydist:faq
PICS-Label: (PICS-1.1 "http://www.weburbia.com/safe/" l r (s 0))
Xref: senator-bedfellow.mit.edu alt.security.keydist:1163 alt.answers:29235 news.answers:113284
Archive-Name: computer-security/keydist-faq
Posting-Frequency: monthly (28th of every month)
Last-Modified: 13 April 1997
Alt-security-keydist-archive-name: faq
Demon-security-keys-archive-name: alt-security-keydist-faq
URL: http://www.superb.net/~islander/crypto/alt-security-keydist-FAQ.html
--PGP-signed-message-8924
------------------------------
Subject: Introduction
This is a list of Frequently Asked Questions (and answers) for the
unmoderated newsgroup alt.security.keydist. It explains the purpose of the
newsgroup and how to efficiently distribute public encryption keys using
alt.security.keydist. It is a very short FAQ.
This FAQ assumes you have a basic working knowledge of your chosen
encryption software. If you need more information about particular
software, please try the resources listed at the end of this FAQ.
------------------------------
Subject: Contents of this FAQ.
1. Introduction
2. Contents of this FAQ.
3. What is this newsgroup for?
4. Why not just use a keyserver?
5. How do I post my key to alt.security.keydist?
6. Should I post my key to other newsgroups?
7. Further information about specific PKE software.
------------------------------
Subject: What is this newsgroup for?
This is the charter from Jonathan Haas' original newgroup message, posted
28 February 1993:
> For your newsgroups file:
> alt.security.keydist Exchange of keys for public key encryption systems
>
> This group is for people who use public key encryption systems such as
> PGP or RIPEM to have a place to exchange public keys.
Jonathan's entire control message is archived at
<URL:ftp://ftp.uu.net/usenet/control/alt/alt.security.keydist>
------------------------------
Subject: Why not just use a keyserver?
Although I'm sure many people have many different reasons for using this
newsgroup, I see two major ones:
First, there are several public key encryption (PKE) systems, including
RIPEM and SIFR, that do not have practical keyservers online. A newsgroup
can serve as a de facto keyserver for users of such systems.
Second, even for PKE systems with established keyservers (i.e. PGP),
alt.security.keydist provides "another channel of distribution". Many PGP
users attempt to distribute their public keys through as many protocols as
possible. Such users often have their keys available in such diverse
locations as keyservers (distribution by e-mail), in .plan files
(distribution by finger), on web pages (distribution by http), and in ftp
archives. alt.security.keydist is another protocol for redundant key
distribution, distribution by netnews.
(This FAQ's author currently distributes his PGP public key by finger, by
web, by keyserver, and by newsgroup. At times, he's also distributed it by
Fidonet echomail and CompuServe file library. This FAQ's author is prone
to overkill.)
------------------------------
Subject: How do I post my key to alt.security.keydist?
Whatever PKE software you're using must be able to extract your public key
to a '7-bit', 'flat ascii', or 'plaintext' file. (The PGP command for this
is "pgp -kxa userid". PEM, RIPEM, and S/MIME always store keys in 7-bit
format. The SIFR command is "sifr -x sendername".) Once you've extracted
your key, start an article to alt.security.keydist, import the keyfile into
your article, and post it.
Your subject line should state which PKE software you're posting a key for,
and the e-mail address the key is for. I also recommend redirecting
followups to e-mail with a "Followup-To: poster" header, because
alt.security.keydist really isn't a discussion group.
You should repost your public key whenever it changes (i.e., you change
your e-mail address, add a certification, or revoke the key). Given the
ephemeral nature of netnews articles, periodically reposting unchanged keys
is not unheard of. Users who expect to repost keys often should consider
adding "Expires:" and "Supersedes:" headers to their posts. The
documentation for your newsreading software should explain these headers.
MIME-educated PGP-users should use "Content-Type: application/pgp-keys" for
posted public keys. See <URL:ftp://ds.internic.net/rfc/rfc2015.txt> for
details of the MIME/PGP standard.
By the way, don't clear-sign your PGP keys! That just makes it harder for
people to add your key to their keyring. (Think about it: How do people
verify the signature if they don't yet have the key on their keyring?)
------------------------------
Subject: Should I post my key to other newsgroups?
If you mean "Should I post my key to other alt.security.* or
comp.security.* newsgroups?", the answer is a definite "No". Those groups
are discussion and/or announcement groups, and public keys don't count,
unless they're *very* important keys (such as a timestamp server's).
There are, however, at least 9 other key-distribution newsgroups located in
smaller news hierarchies. You might want to crosspost your public keys to
one of these newsgroups:
The newsgroup demon.security.keys is part of the internal hierarchy for
Demon Internet (an internet service provider in the United Kingdom), but
has much wider distribution. Recommended for PKE-users in the UK.
The newsgroup fidonet.pkey_drop is a gated version of the Fidonet backbone
echo PKEY_DROP.
The newsgroups t-netz.pgp.schluessel, z-netz.alt.pgp.schluessel,
domino.pgp.schluessel, and waros.pgp.schluessel are for distributing PGP
keys only, and are part of German-language news hierarchies ("schluessel"
means "keys").
I have no information about the newsgroups city-net.diverses.pgp-keys,
hothouse.lokal.pgp-keys, and real-net.computer.pgp.public_key, beyond
what's revealed in the newsgroup names. They are probably all ISP-local
groups.
------------------------------
Subject: Further information about specific PKE software.
For more information about PGP, see <URL:http://www.pgp.com/> and/or the
the newsgroup comp.security.pgp.announce
For more information about RIPEM, see
<URL:http://www.cs.indiana.edu/ripem/dir.html> and/or the newsgroup
alt.security.ripem
For more information about PEM and S/MIME, see <URL:http://www.rsa.com/>.
--PGP-signed-message-8924
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQCVAwUAM1L/F8RHZFQbZSuZAQG5igP+PkDD+jX2+Q6leyUVBfxhWCfVk90xl8q9
MbwuOAG2lqTfRse7L2ea4BrOSWVFlZuL7GGtZlbir2pQUC70kbvrv6Xe0l71WZvv
w8QLu4zKh7NlwZLVJ+g/uGA0w2igYO0oQKFjN3j89wZRvvL8Pxz/EFyrI9kl2nGd
G8InyTrQlrU=
=mFu3
-----END PGP MESSAGE-----
--PGP-signed-message-8924--