On 2003-09-02 at 18:43 +0200, Mans Nilsson wrote:
Quoting Jørgen Hovland (jorgen@hovland.cx):
I'm not. One reason is that I think it is a bit deprecated, and if I wanted to collect stamps I would go to a stampshop.
*ROTFL* These are a bit more useful than historical stamps, but the character description is a fair jab. :^) But those of us who collect signatures do so because it achieves something, not _just_ because it satisfies some boyish collector instinct (I've just realised that I don't think I've ever seen a woman at a keysigning).
The other is that RIPE is implementing X509 authentication. I think it would certainly be much better to do something that was related to this than doing something that was not... if possible.
I disagree -- but then again I do not understand this X509 stuff.
I don't understand X509 sufficiently to make suggestions, but if it does allow for distributed trust, such as PGP/GPG/whatever's web-of-trust, then the proposal for RIPE doesn't exclude it. The proposal is for "crypto keys", not "PGP keys" even though they're the most obvious and likely beneficiary. As far as I'm concerned, the collected information should be treated as a blob of text. It can be PGP, X<nnn>, or anything else. A bit like the early flexibility of the RIPE database -- don't prohibit content. The key (bad pun, sorry) is to reduce the potential for human error in transcription and reduce the work required per key/identity verification. Perhaps amend the original suggestion to explicitly collect a pair, "crypto system"/"crypto pub-key". Crypto: PGP / 6F99 1154 7B13 3294 F1FB 78A7 2622 C81A 9525 CBBA Another private reply suggested that I collect private replies and report tallies to the list. I'm willing to do this. -- Phil Pennock, Senior Systems Administrator, Demon Internet Netherlands NL Sales: +31 20 422 20 00 Thus Plc NL Support: 0800 33 6666 8