[clo-devel] "authentication"

Nikodemus Siivola nikodemus at random-state.net
Wed Nov 5 19:51:53 UTC 2003


On Wed, Nov 05, 2003 at 01:34:44PM -0500, Erik Enge wrote:

>   <dan`b> kire: the interesting question to the end-user is "did this
>   package come from someone with a cl.net account"

Right on the mark.

>   <dan`b> so, for the cl.net application procedure, you ask people to
>   send you signed mail to apply
> 
>   <dan`b> and you send the inital username/password etc details
>   encrypted to that same key
> 
>   <dan`b> then you know that the cl.net user is the owner of the gpg
>   key, and you can sign the key in question

Minimal complication to procedure, fair inscrease in security. Good
trade. ;)

> What do you guys think?  Personally, I'm all for it.

So am I.

Cheers,

 -- Nikodemus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031105/8afc7429/attachment.sig>


More information about the clo-devel mailing list