>>>>> "kmself" == kmself <kmself@ix.netcom.com> writes:
kmself> Ok. So, to ensure key integrity, I do what?
This is something (IMHO) ssh doesn't address satisfactory (Also I
often wonder why ssh needs to use a new key format of its own, rather
then reuse keys generated, say by gpg, where a web of trust can
exist).
There are some options:
- copy file via ssh using password authentication (this is the method
I usually use).
- ring up the administrator (how does he know that he is talking to
the right person?) and compare the fingerprints of the keys, before he
installs your key. A face to face meeting is generally considered even
more secure, where you can produce some photo-ID card to proof your
identity.
- send key that has been signed by PGP/GnuPG.
- probably lots of others that I may have missed.
--
Brian May <[EMAIL PROTECTED]>
