Robot CA: toward zero-UI crypto


Posted

in


Kyle Hasselbacher wrote an article on Kuro5hin that seemed curious at the very least.  He has set up an automatic (pgp/gnupg) key signer:

A Robot CA is an automated key signer. Conceived by Phil Zimmermann, the robot’s signature indicates only that the user’s email address is correct, not that the name on the key correctly identifies the user. Given a key signed by the Robot CA, you can be sure that the email address on it really can read email encrypted with that key. This casual verification can be used as part of a larger scheme to make encryption easier for users who wouldn’t otherwise benefit from it.

I’m writing about the Robot CA because I’ve created one.

If this interests you, I’d suggest reading the article, otherwise it’s an interesting microthought.