1995-09-03 - Re: O.J. ObCrypto: Fuhrman’s Folly Fans Fakery Fears…

Header Data

From: monty.harder@famend.com (MONTY HARDER)
To: CYPHERPUNKS@toad.com
Message Hash: 3bddb7170c4297abdfaaffbd797027e8d9ad1c096a7717ef5038edbdf01b4257
Message ID: <8B05513.00030003DB.uuout@famend.com>
Reply To: N/A
UTC Datetime: 1995-09-03 03:43:40 UTC
Raw Date: Sat, 2 Sep 95 20:43:40 PDT

Raw message

From: monty.harder@famend.com (MONTY HARDER)
Date: Sat, 2 Sep 95 20:43:40 PDT
To: CYPHERPUNKS@toad.com
Subject: Re: O.J. ObCrypto:  Fuhrman's Folly Fans Fakery Fears...
Message-ID: <8B05513.00030003DB.uuout@famend.com>
MIME-Version: 1.0
Content-Type: text/plain


BS> For the problem that started this discussion, though, there's no good solution.
BS> Since the Bad Guys _can_ encrypt a message to you with your signature key,
BS> and send it to you by anonymous remailer, they can plant a reason to suspect
BS> that you may have evidence encrypted with that key.

  You've got it backwards. The problem that I originally posited was a
corrupt key escrow agent using my signature key to forge a document. The
fact that my signature pubkey could be used to encrypt messages to me is
not particularly relevant. My employer could set up filters to keep me
from recieving email on company time that is not encrypted to a key that
the corporate escrow authority has in its possession.  NBD.

  My concern here is with the NGACK situation. Companies have valid
reasons to want escrow for their own purposes. I'm just warning people
not to accept a signature key being escrowed by =anyone=. When you
create a key to be escrowed, make sure the userid includes something
like [Not Valid For Signatures].


 * Pro Choice on Abortion.
 * No choice on Education.
 * Huh?
---
 * Monster@FAmend.Com *    





Thread