1995-10-11 - No Subject

Header Data

From: nobody@flame.alias.net (Anonymous)
To: cypherpunks@toad.com
Message Hash: fb41b58cf50f75af001876f055d31cc299efc450d3ab6eda26b9136ccbe4b83b
Message ID: <199510111418.PAA22841@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-10-11 14:51:18 UTC
Raw Date: Wed, 11 Oct 95 07:51:18 PDT

Raw message

From: nobody@flame.alias.net (Anonymous)
Date: Wed, 11 Oct 95 07:51:18 PDT
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199510111418.PAA22841@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



> Two years ago, I pointed out that getting a single message past
> the man in the middle isn't good enough; you have to convince your
> readers that the key they received on one channel is more accurate
> than the key they're receiving on all the other channels.
> But if they'll believe that, they may also believe the man in the middle's
> announcement that the key in your name on all the keyservers is
> wrong, and the correct key is the one he's putting out.
> Can't win either way, but it's still important to get the key out.
> 
> My current key is 0x54696D4D; the fingerprint is 
> 4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.

but this is not Tim May's key, his key is:

pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay@netcom.com> 11-20-92
          Key fingerprint =  8C 79 1C 1B 6F 32 A1 D1  65 FB 5F 57 50 6D D3 28 


And this one is signed by these people:

pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay@netcom.com> 11-20-92
sig       0022E52D             Eric Hughes <hughes@soda.berkeley.edu>
sig       DDBE0DD5             John T. Draper <crunch@netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins@genmagic.com>
sig       E972F011             E. Dean Tribble <tribble@xanadu.com>
sig       4C131F57             Tim Oren <oren@apple.com>
sig       F5257117             <tomj@wps.com>
sig       85197FB5             John Gilmore <gnu@cygnus.com>


at level two in the web of trust are these people:

pub   512/F5257117 1992/09/28 <tomj@wps.com>
sig       B1331439             Randy Bush <randy@psg.com>
                              Tom Jennings <tomj@fido.wps.com>
sig       DA0EDC81             Phil Karn <karn@unix.ka9q.ampr.org>
sig       F572C6A7             Jim Cannell <Jim.Cannell@f21.n216.z1.fidonet.org>
sig       0BD91A2D             Phil Karn <karn@unix.ka9q.ampr.org>
sig       F5257117             <tomj@wps.com>
                              Tom Jennings <tomj@fidosw.fidonet.org, 1:125/111>
sig       ADF733A9             Jesse David Hollington <1:225/1.1@fidonet.org>
sig       4D077463             Steve Matzura <steve.matzura@f203.n2603.z1.fidonet.org>
sig       E7F23D95             Mike Laster <1:170/300.23@fidonet>
sig       DB910037             Barry Kapke <96:101/33@dharma>
sig       5B77854F             Depository #1 [Public Keys]
sig       08F811DD             Marcos R. Della <mdella@polyslo.calpoly.edu>
sig       212EC54B             Guy Martin 1:143/269 (guy.martin@f269.n143.z1.fidonet.org)
sig       F572C6A7             Jim Cannell <Jim.Cannell@f21.n216.z1.fidonet.org>
sig       BDFB1F2D             George Gleason <gg@well.sf.ca.us>
sig       DDBE0DD5             John T. Draper <crunch@netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins@genmagic.com>
sig       0022E52D             Eric Hughes <hughes@soda.berkeley.edu>
sig       E972F011             E. Dean Tribble <tribble@xanadu.com>
sig       4C131F57             Tim Oren <oren@apple.com>
sig       85197FB5             John Gilmore <gnu@cygnus.com>
sig       DA27EC35             Wes Perkhiser <wes.perkhiser@weise.omahug.org>
sig       E7960501             Paul Schencke <1:135/340@fidonet.org>
sig       9DB252DF             Mike Riddle
sig       734B9A59             Christopher Baker <1:374/14@fidonet.org>
sig       B1B6B823             GK Pace @ 1:374/26 <gk.pace@f26.n374.z1.fidonet.o

pub  1024/85197FB5 1992/11/08 John Gilmore <gnu@cygnus.com>
sig       5ACB1C6D             (Unknown signator, can't be checked)
sig       15100C27             (Unknown signator, can't be checked)
sig       DA0EDC81             Phil Karn <karn@unix.ka9q.ampr.org>
sig       0BD91A2D             Phil Karn <karn@unix.ka9q.ampr.org>
sig       9F9F38BB             Mark Eichin <eichin@athena.mit.edu>
sig       5B415621             Mark Eichin <eichin@paycheck.cygnus.com>
sig       66CE89B7             Mark Eichin <eichin@cygnus.com>
sig       0022E52D             Eric Hughes <hughes@soda.berkeley.edu>
sig       BDFB1F2D             George Gleason <gg@well.sf.ca.us>
sig       DDBE0DD5             John T. Draper <crunch@netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins@genmagic.com>
sig       0245C435             Dave Krieger <dkrieger@netcom.com>
sig       4C131F57             Tim Oren <oren@apple.com>
sig       E972F011             E. Dean Tribble <tribble@xanadu.com>
sig       F5257117             <tomj@wps.com>
sig       71946BDF             Phil Karn <karn@qualcomm.com>


If you knew any of the level 1, or level 2 signatories personally and
had exchanged keys face to face, you'd have some assurance.


Also this level 3:

pub  1024/DA0EDC81 1994/07/25 Phil Karn <karn@unix.ka9q.ampr.org>
sig       ED2354B9             Ulla Sandberg <ulla@stupi.se>
sig       9C57B951             Peter Lothberg <roll@stupi.se>
sig       C7A966DD             Philip R. Zimmermann <prz@acm.org>

PRZ, as your PGP distrbution is probably signed by this key, unless
you've inspected the source personally, you're relying on this key
anyway.


Level 4 would be a big web as lots of people fan out from PRZ.






Thread