The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Поиск:  Каталог документации | Безопасность, защита информации

alt.security.keydist Frequently Asked Questions

This article explains how to distribute public encryption keys through the newsgroup alt.security.keydist
Archive-Name: computer-security/keydist-faq
Posting-Frequency: monthly (28th of every month)
Last-Modified: 30 March 1999
Alt-security-keydist-archive-name: faq
Demon-security-keys-archive-name: alt-security-keydist-faq
URL: http://web.superb.net/islander/crypto/alt-security-keydist-FAQ.html

--PGP-signed-message-27621
------------------------------

Subject: Introduction

This is a list of Frequently Asked Questions (and answers) for the
unmoderated newsgroup alt.security.keydist.  It explains the purpose of the
newsgroup and how to efficiently distribute public encryption keys using
alt.security.keydist.  It is a very short FAQ.

This FAQ assumes you have a basic working knowledge of your chosen
encryption software.  If you need more information about particular
software, please try the resources listed at the end of this FAQ.

------------------------------

Subject: Contents of this FAQ.

1. Introduction
2. Contents of this FAQ.
3. What is this newsgroup for?
4. Why not just use a keyserver?
5. How do I post my key to alt.security.keydist?
6. Should I post my key to other newsgroups?
7. Further information about specific PKE software.

------------------------------

Subject: What is this newsgroup for?

This is the charter from Jonathan Haas' original newgroup message, posted
28 February 1993:

> For your newsgroups file:
> alt.security.keydist    Exchange of keys for public key encryption systems
> 
> This group is for people who use public key encryption systems such as
> PGP or RIPEM to have a place to exchange public keys.

Jonathan's entire control message is archived at
<URL:ftp://ftp.uu.net/usenet/control/alt/alt.security.keydist>.

------------------------------

Subject: Why not just use a keyserver?

Although I'm sure many people have many different reasons for using this
newsgroup, I see two major ones:

First, there are several public key encryption (PKE) systems, including
RIPEM and SIFR, that do not have practical keyservers online.   A newsgroup
can serve as a de facto keyserver for users of such systems.

Second, even for PKE systems with established keyservers (i.e. PGP),
alt.security.keydist provides "another channel of distribution".  Many PGP
users attempt to distribute their public keys through as many protocols as
possible.  Such users often have their keys available in such diverse
locations as keyservers (distribution by e-mail), in .plan files
(distribution by finger), on web pages (distribution by http), and in ftp
archives.  alt.security.keydist is another protocol for redundant key
distribution, distribution by netnews.

(This FAQ's author currently distributes his PGP public key by finger, by
web, by keyserver, and by newsgroup.  At times, he's also distributed it by
Fidonet echomail and CompuServe file library.  This FAQ's author is prone
to overkill.)

------------------------------

Subject: How do I post my key to alt.security.keydist?

Whatever PKE software you're using must be able to extract your public key
to a '7-bit', 'flat ascii', or 'plaintext' file.  (The PGP command for this
is "pgp -kxa userid".  PEM, RIPEM, and S/MIME always store keys in 7-bit
format.  The SIFR command is "sifr -x sendername".)  Once you've extracted
your key, start an article to alt.security.keydist, import the keyfile into
your article, and post it.

Your subject line should state which PKE software you're posting a key for,
and the e-mail address the key is for.  I also recommend redirecting
followups to e-mail with a "Followup-To: poster" header, because
alt.security.keydist really isn't a discussion group.

You should repost your public key whenever it changes (i.e., you change
your e-mail address, add a certification, or revoke the key).  Given the
ephemeral nature of netnews articles, periodically reposting unchanged keys
is not unheard of.  Users who expect to repost keys often should consider
adding "Expires:" and "Supersedes:" headers to their posts.  The
documentation for your newsreading software should explain these headers.

MIME-educated PGP-users should use "Content-Type: application/pgp-keys" for
posted public keys.  See <URL:ftp://ds.internic.net/rfc/rfc2015.txt> for
details of the MIME/PGP standard.

By the way, don't clear-sign your PGP keys!  That just makes it harder for
people to add your key to their keyring.  (Think about it:  How do people 
verify the signature if they don't yet have the key on their keyring?)

------------------------------

Subject: Should I post my key to other newsgroups?

If you mean "Should I post my key to other alt.security.* or
comp.security.* newsgroups?", the answer is a definite "No".  Those groups
are discussion and/or announcement groups, and public keys don't count,
unless they're *very* important keys (such as a timestamp server's).

There are, however, at least 9 other key-distribution newsgroups located in
smaller news hierarchies.  You might want to crosspost your public keys to
one of these newsgroups:

The newsgroup demon.security.keys is part of the internal hierarchy for
Demon Internet (an internet service provider in the United Kingdom), but
has much wider distribution.  Recommended for PKE-users in the UK.

The newsgroup fidonet.pkey_drop is a gated version of the Fidonet backbone
echo PKEY_DROP.

The newsgroups t-netz.pgp.schluessel, z-netz.alt.pgp.schluessel, 
domino.pgp.schluessel, and waros.pgp.schluessel are for distributing PGP
keys only, and are part of German-language news hierarchies ("schluessel"
means "keys").

I have no information about the newsgroups city-net.diverses.pgp-keys,
hothouse.lokal.pgp-keys, and real-net.computer.pgp.public_key, beyond
what's revealed in the newsgroup names.  They are probably all ISP-local
groups.

------------------------------

Subject:  Further information about specific PKE software.

For more information about PGP, see <URL:http://www.pgp.net/> and/or the
the newsgroup comp.security.pgp.announce

For more information about RIPEM, see
<URL:http://www.cs.indiana.edu/ripem/dir.html> and/or the newsgroup
alt.security.ripem

For more information about PEM and S/MIME, see <URL:http://www.rsa.com/>.

--PGP-signed-message-27621
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUANwE55cRHZFQbZSuZAQEePwP/VD+OmEgR4Jqfoz+L1aKAF7JGvU9Ncm0v
EjRZx62ty+DCbLokX9X+BshHW2BERwafPoGYGLght0vY3pf9y1xF9wCjiGtDYTTu
4b8/rVKqhaKSc6IycmLfwYBnvBZv9dz5xbdgTl49YoJDv8zfXvdHazhQQcXk60wA
yvFIe45si7o=
=8ZTG
-----END PGP MESSAGE-----

--PGP-signed-message-27621--



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру