X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2FREADME;fp=caff%2FREADME;h=2af310ece74b779bee09a13be1452741f656514d;hb=0d160bed87b5f23fa2601d50270697b8aff57088;hp=0000000000000000000000000000000000000000;hpb=79aa08be7cef14861a3373149d072d6f789bb40d;p=pgp-tools.git

diff --git a/caff/README b/caff/README
new file mode 100644
index 0000000..2af310e
--- /dev/null
+++ b/caff/README
@@ -0,0 +1,45 @@
+caff  --  CA - fire and forget
+
+caff is a script that helps you in keysigning.  It takes a list of
+keyids on the command line, fetches them from a keyserver and calls
+GnuPG so that you can sign it.  It then mails each key to all its
+email addresses - only including the one UID that we send to in each
+mail.
+
+Features:
+ * Easy to setup.
+ * Attaches only the very UID that we send to in the mail.
+ * Prunes the key from all signatures that are not self sigs and
+   not done by you, thereby greatly reducing the size of mails.
+ * Sends the mail encrypted if possible, will warn before sending
+   unencrypted mail (sign only keys)
+ * Creates proper PGP MIME messages.
+ * Uses separate GNUPGHOME for all its operations.
+
+Special Requirements:
+ * GnuPG 1.3.92 or later.
+
+Discussion:
+
+Since we do not upload the new signatures, or import them into our
+main keyring, the signature only gets public if:
+ - the email address is valid
+ - the person reading the email can decrypt the mail (if it was sent
+   encrypted).
+
+Therefore we achieve the same level of security as common Challenge
+Repsonse systems like CABot, without all the extra hassle of those
+systems.
+
+
+
+Dependencies: gnupg (>= 1.3.92), perl, libgnupg-interface-perl, libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62), mailx
+
+
+INSTALLATION NOTES
+
+After creating a ~/.caffrc from the template, caff almost works out of the box.
+
+-- 
+Peter
+$Id$