+++ /dev/null
-caff -- CA - fire and forget
-
-caff is a script that helps you in keysigning. It takes a list of
-keyids on the command line, fetches them from a keyserver and calls
-GnuPG so that you can sign it. It then mails each key to all its
-email addresses - only including the one UID that we send to in each
-mail.
-
-
-Features:
- * Easy to setup.
- * Attaches only the very UID that we send to in the mail.
- * Prunes the key from all signatures that are not self sigs and
- not done by you, thereby greatly reducing the size of mails.
- * Sends the mail encrypted if possible, will warn before sending
- unencrypted mail (sign only keys)
- * Creates proper PGP MIME messages.
- * Uses separate GNUPGHOME for all its operations.
-
-Caveats:
- * Requires a gpg patch for now, until 2 bugs are fixed:
- http://bugs.debian.org/252917 gnupg: --with-colons and --edit delsigs
- http://bugs.debian.org/254072 gpg should flush stdout before prompting in --edit
-
-Discussion:
-
-Since we do not upload the new signatures, or import them into our
-main keyring, the signature only gets public if:
- - the email address is valid
- - the person reading the email can decrypt the mail (if it was sent
- encrypted).
-
-Therefore we achieve the same level of security as common Challenge
-Repsonse systems like CABot, without all the extra hassle of those
-systems.
-
-
---
-Peter
-$Id$