Archive-Name: computer-security/keydist-faq
Posting-Frequency: monthly
Last-Modified: 23 December 2003
Alt-security-keydist-archive-name: faq
Demon-security-keys-archive-name: alt-security-keydist-faq
URL: http://www.bauser.com/alt.security.keydist/FAQ.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------

Subject: Introduction

This is a list of Frequently Asked Questions (and answers) for the
unmoderated newsgroup alt.security.keydist. It explains the purpose of
the newsgroup and how to efficiently distribute public encryption keys
using alt.security.keydist. It is a very short FAQ.

This FAQ assumes you have a basic working knowledge of your chosen
encryption software. If you need more information about particular
software, please try the resources listed at the end of this FAQ.

- ------------------------------

Subject: Contents of this FAQ.

1. Introduction
2. Contents of this FAQ.
3. What is this newsgroup for?
4. Why not just use a keyserver?
5. How do I post my key to alt.security.keydist?
6. Should I post my key to other newsgroups?
7. Further information about specific PKE software.

- ------------------------------

Subject: What is this newsgroup for?

This is the charter from Jonathan Haas's original newgroup message,
posted 28 February 1993:

> For your newsgroups file:
> alt.security.keydist Exchange of keys for public key encryption systems
>
> This group is for people who use public key encryption systems such as
> PGP or RIPEM to have a place to exchange public keys.

Jonathan's entire control message is archived at
ftp://ftp.uu.net/usenet/control/alt/alt.security.keydist

- ------------------------------

Subject: Why not just use a keyserver?

Although I'm sure many people have many different reasons for using
this newsgroup, there are two major ones:

First, there are several public key encryption (PKE) systems (such as
InvisiMail, Puffer, RIPEM, Vouch, and Sifr) that do not have keyserver
networks. A newsgroup can serve as a de facto keyserver for users of
those systems.

Second, even for PKE systems with established keyservers (i.e. PGP),
alt.security.keydist provides "another channel of distribution". Many
PGP users attempt to distribute their public keys through as many
protocols as possible. Such users often have their keys available in
such diverse locations as keyservers (distribution by e-mail and http),
in .plan files (distribution by finger), on web pages (distribution by
http), and in ftp archives. alt.security.keydist is another protocol
for redundant key distribution: distribution by netnews.

(This FAQ's author has, at various times, distributed his key by
finger, by web, by keyserver, by newsgroup, by Fidonet echomail and by
CompuServe file library. This FAQ's author is prone to overkill.)

- ------------------------------

Subject: How do I post my key to alt.security.keydist?

Whatever PKE software you're using must be able to extract your public
key to a '7-bit', 'flat ascii', or 'plaintext' file. (Most PKE programs
now export keys in text format by default.)

Once you've extracted your key, just start an article to
alt.security.keydist, cut-and-paste the keyfile into your article, and
post it. Your subject line should state what software you're posting a
key for, and the e-mail address the key is for. I also recommend
redirecting followups to e-mail with a "Followup-To: poster" header,
because alt.security.keydist really isn't a discussion group.

You should repost your public key whenever it changes (i.e., you change
your e-mail address, add a certification, or revoke the key). Given the
ephemeral nature of netnews articles, periodically reposting unchanged
keys is acceptable.

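The posting procedure in this section, as an added example that is not
part of the original FAQ: it checks that an exported key file is a bare
7-bit armored public key (not clear-signed, not a private key) and
builds the article with the headers this section recommends. The
function names, the sample addresses and the placeholder key body are
constructed for illustration; nothing is sent.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"
# Constructed placeholder, NOT a real key: only the armor framing matters here.
SAMPLE_KEY = f"{BEGIN}\n\nmQENBGNvbnN0cnVjdGVkUGxhY2Vob2xkZXI\n=AAAA\n{END}\n"
DEMO_NOW = datetime(2003, 12, 23, tzinfo=timezone.utc)  # fixed date for the demo


def check_key_text(text):
    """Return the reasons (if any) this text should not be posted as a key."""
    problems = []
    if not text.isascii():
        problems.append("not 7-bit ASCII; export the key in text (armored) form")
    if "PRIVATE KEY BLOCK" in text:
        problems.append("contains a private key block")
    if "-----BEGIN PGP SIGNED MESSAGE-----" in text:
        problems.append("clear-signed; post the bare key instead")
    body = text.strip()
    if not (body.startswith(BEGIN) and body.endswith(END)):
        problems.append("not a bare armored public key block")
    return problems


def build_article(key_text, software, address, sender,
                  days=30, supersedes=None, now=None):
    """Build (but do not send) a key-distribution article."""
    problems = check_key_text(key_text)
    if problems:
        raise ValueError("; ".join(problems))
    now = now or datetime.now(timezone.utc)
    msg = EmailMessage()
    msg["From"] = sender
    msg["Newsgroups"] = "alt.security.keydist"
    msg["Subject"] = f"{software} public key for {address}"
    msg["Followup-To"] = "poster"          # replies go to e-mail, not the group
    msg["Expires"] = format_datetime(now + timedelta(days=days))
    if supersedes:                          # Message-ID of the previous posting
        msg["Supersedes"] = supersedes
    # RFC 3156 media type for keys; armored text is already 7-bit safe.
    msg.set_content(key_text.strip().encode("ascii") + b"\n",
                    maintype="application", subtype="pgp-keys", cte="7bit")
    return msg


if __name__ == "__main__":
    print(build_article(SAMPLE_KEY, "GnuPG", "alice@example.org",
                        "Alice Example <alice@example.org>", now=DEMO_NOW))
```

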
Users who expect to repost keys often should consider adding "Expires:"
and/or "Supersedes:" headers to their posts. The documentation for your
newsreading software should explain these headers.

MIME-educated PGP-users (and GPG-users) may want to use "Content-Type:
application/pgp-keys" for posting public keys. (This will make it
easier for many PGP users to import your key, but it may prevent Google
Groups from archiving the post containing the key.) See RFC 3156 at
http://www.ietf.org/rfc/rfc3156.txt for a description of the PGP media
types.

By the way, don't clear-sign the message containing your public key!
That just makes it harder for people to add your key to their keyrings
(Think about it: How do people verify the signature if they don't yet
have the key on their keyring?) and does not verify the integrity of
your key.

- ------------------------------

Subject: Should I post my key to other newsgroups?

If you mean "Should I post my key to other alt.security.* or
comp.security.* newsgroups?", the answer is a definite "No". Those
groups are discussion and/or announcement groups, and public keys don't
count, unless they're very important keys (such as keys belonging to a
timestamp server or certificate authority).

There are, however, at least 9 other key-distribution newsgroups
located in smaller news hierarchies. You might want to crosspost your
public keys to one of these newsgroups, or monitor them for new keys:

The newsgroup demon.security.keys is part of the internal hierarchy for
Demon Internet (an internet service provider in the United Kingdom),
but has much wider distribution. Recommended for PKE-users in the UK.

The newsgroup fidonet.pkey_drop is a (defunct?) gated version of the
Fidonet backbone echo PKEY_DROP. You cannot post to it from the netnews
side.

The newsgroups t-netz.pgp.schluessel, z-netz.alt.pgp.schluessel,
domino.pgp.schluessel, and waros.pgp.schluessel are for distributing
PGP keys only, and are part of German-language news hierarchies
("schluessel" means "keys").

I have no information about the newsgroups city-net.diverses.pgp-keys,
hothouse.lokal.pgp-keys, and real-net.computer.pgp.public_key, beyond
what's revealed in the newsgroup names. They are probably all ISP-local
groups.

- ------------------------------

Subject: Further information about specific PKE software.

GPG is available at http://www.gnupg.org/

PGP is available at http://www.pgp.com/ and http://www.pgpi.org/

Puffer is available from http://www.briggsoft.com/

RIPEM is available at
http://www.cpsr.org/cpsr/privacy/crypto/tools/ripem/

InvisiMail and Sifr are apparently no longer available.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32) - WinPT 0.7.96rc1

iD8DBQE/7oqqcpuEJT2bpHsRAiQjAJ0fg9YkjoLiT64liC2fLvNdMauoOwCglF/0
Hu5GRX/eMSeUKzxs17tVV8g=
=cBTp
-----END PGP SIGNATURE-----

Send corrections/additions to the FAQ Maintainer: Michael Bauser <faqs@bauser.com>
Last Update March 27 2014 @ 02:11 PM