Subject: Re: cgd and remote keys
To: David Holland <dholland-security@netbsd.org>
From: Perry E. Metzger <perry@piermont.com>
List: tech-security
Date: 12/31/2007 15:54:35

David Holland <dholland-security@netbsd.org> writes:
> I would lean towards pgp-encrypted keys fetched using something like
> curl, because that way you get the most flexibility in the transport
> and all you need to host the keys is a web server. With proper use of
> pgp (and possibly additional nonces to prevent replay attacks) it
> should be safe to use plain http.

Minor comment: no reason to use curl -- NetBSD's ftp will fetch URLs...

> It sounds like a good idea overall.

Ditto.

-- 
Perry E. Metzger		perry@piermont.com