[clo-devel] "authentication"
Nikodemus Siivola
nikodemus at random-state.net
Wed Nov 5 19:51:53 UTC 2003
On Wed, Nov 05, 2003 at 01:34:44PM -0500, Erik Enge wrote:
> <dan`b> kire: the interesting question to the end-user is "did this
> package come from someone with a cl.net account"
Right on the mark.
> <dan`b> so, for the cl.net application procedure, you ask people to
> send you signed mail to apply
>
> <dan`b> and you send the inital username/password etc details
> encrypted to that same key
>
> <dan`b> then you know that the cl.net user is the owner of the gpg
> key, and you can sign the key in question
Minimal complication to procedure, fair inscrease in security. Good
trade. ;)
> What do you guys think? Personally, I'm all for it.
So am I.
Cheers,
-- Nikodemus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20031105/8afc7429/attachment.sig>
More information about the clo-devel
mailing list