1994-08-29 - Re: Announcing Bellcore’s Trusted Software Integrity (Betsi) System

Header Data

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
To: cactus@bibliob.slip.netcom.com (L. Todd Masco)
Message Hash: c8747b7d17efddafdce7507bdba9bd6e331a848f9d365cb5f8e93fef268a8ab6
Message ID: <199408292126.AA02540@poboy.b17c.ingr.com>
Reply To: <33tf52$744@bb.com>
UTC Datetime: 1994-08-29 21:26:33 UTC
Raw Date: Mon, 29 Aug 94 14:26:33 PDT

Raw message

From: paul@poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 29 Aug 94 14:26:33 PDT
To: cactus@bibliob.slip.netcom.com (L. Todd Masco)
Subject: Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System
In-Reply-To: <33tf52$744@bb.com>
Message-ID: <199408292126.AA02540@poboy.b17c.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> In article <199408291628.MAA19544@faline.bellcore.com>,
> Avi Rubin <rubin@faline.bellcore.com> wrote:
> >-----BEGIN PGP PUBLIC KEY BLOCK-----
> ...
> >-----END PGP PUBLIC KEY BLOCK-----
> >
> >Fingerprint:
> >
> >5F 34 26 5F 2A 48 6B 07  90 C9 98 C5 32 C3 44 0C

> I've seen this sort of thing several places...

> Am I totally off base in thinking that distributing the fingerprint in
>  the same way as the public key is close to totally pointless?

Distributing the key fingerprint allows J. Random Human to correlate a
key supplied via one method with that supplied via another. For
example, now that I have the fingerprint for the Betsi key, I can
verify whether any other alleged Betsi key I see is real or not.

It's a lot easier to read off & cross-check 32-character fingerprints
than the entire key block, especially as signatures are added and the
key block grows in size.

- -Paul

- -- 
Paul Robichaux, KD4JZG        |  Demand that your elected reps support the
perobich@ingr.com             |  Constitution, the whole Constitution, and
Not speaking for Intergraph.  |  nothing but the Constitution.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLmJSdKfb4pLe9tolAQEZkgP/W7P8Edw8sEI78V3HgtDjXDo/F09Gw7VF
4FH6pMIVT9w/jT30Adf6BxL+dhb1mcHuBhnhr7bIA31cerZpt+NiVwBbqAoSh+XW
vFfkId5k3qmUIAypFQFe5BSHKS+yF6Rf8ERXZAFv2+a/ZJrpLxnW6FgFiU+dFt86
KEK/5EFiOCw=
=qlgk
-----END PGP SIGNATURE-----





Thread