1997-07-03 - Re: PGP security problems?

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: cypherpunks@toad.com
Message Hash: 03ba5c42fde9a09a3c9481ef45a88cfad6da2a01a53528ba0223cd917bda58c4
Message ID: <3.0.3.32.19970703041536.00cc566c@mail.atl.bellsouth.net>
Reply To: <199707030715.BAA26652@wombat.sk.sympatico.ca>
UTC Datetime: 1997-07-03 08:30:46 UTC
Raw Date: Thu, 3 Jul 1997 16:30:46 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Thu, 3 Jul 1997 16:30:46 +0800
To: cypherpunks@toad.com
Subject: Re: PGP security problems?
In-Reply-To: <199707030715.BAA26652@wombat.sk.sympatico.ca>
Message-ID: <3.0.3.32.19970703041536.00cc566c@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain



At 01:18 AM 7/3/97 EST, Carolyn Turbyfill (probably didn't) write:
>The email forgeries using bogus PGP keys to give the appearance
>that the messages are from PGP, Inc. and our employees are the
>result of a sick, twisted mind.

While a keyserver with no authentication has a very low barrier to entry
for false authentication, the barrier is not that much higher for even a
Verisign class three verification.  I've continually said that the biggest
problem with secure authentication is that secure authentication is not
possible.

I hate to see people doing such things with keyservers and keys, but we all
knew the problem existed.  I wonder where the solution is.


  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key






Thread