1995-10-11 - Re: MITM evasion

Header Data

From: Jay Campbell <edge@got.net>
To: cypherpunks@toad.com
Message Hash: 06b6e553d57223e8e5962f405a9f515e5a39a9877ab8f0367d9e353e9061b24a
Message ID: <199510111005.DAA25739@you.got.net>
Reply To: N/A
UTC Datetime: 1995-10-11 09:52:20 UTC
Raw Date: Wed, 11 Oct 95 02:52:20 PDT

Raw message

From: Jay Campbell <edge@got.net>
Date: Wed, 11 Oct 95 02:52:20 PDT
To: cypherpunks@toad.com
Subject: Re: MITM evasion
Message-ID: <199510111005.DAA25739@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain


The message below (posted earlier today) caught my attention - I believe it
is a (fake?) MITM-generated message, because Tim's sig file has changed
recently (new domain name (got.net) and a disclaimer was added). The sig
attached to this anonymous message is at least a month out of date.

Even if this isn't just a mistake, it's not a true MITM attack, since this
is a third party /not/ between Tim and toad.com ... more of a spoof.

Do I win anything?

>Return-Path: owner-cypherpunks@toad.com
>Date: Wed, 11 Oct 1995 09:55:07 +0100
>Subject: MITM evasion
>To: cypherpunks@toad.com
>Subject: MITM evasion
>From: anon-remailer@utopia.hacktic.nl (Anonymous)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>Organization: Hack-Tic International, Inc.
>Comments: Hack-Tic may or may not approve of the content of this posting
>Comments: Please report misuse of this automated remailing service to
<postmaster@utopia.hacktic.nl>
>Sender: owner-cypherpunks@toad.com
>
>Two years ago, I pointed out that getting a single message past
>the man in the middle isn't good enough; you have to convince your

                                 Unconvinced, for one ^^^^^^^^

>readers that the key they received on one channel is more accurate
>than the key they're receiving on all the other channels.
>But if they'll believe that, they may also believe the man in the middle's
>announcement that the key in your name on all the keyservers is
>wrong, and the correct key is the one he's putting out.
>Can't win either way, but it's still important to get the key out.
>
>My current key is 0x54696D4D; the fingerprint is 
>4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.

This key isn't registered with the MIT keyserver; not proof in any sense,
but worth mentioning.

>
>..........................................................................
>Timothy C. May         | Crypto Anarchy: encryption, digital money,
>tcmay@sensemedia.net   | anonymous networks, digital pseudonyms, zero
>408-728-0152           | knowledge, reputations, information markets,
>Corralitos, CA         | black markets, collapse of governments.
>Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
>"National borders are just speed bumps on the information superhighway."
>
>
--
   Jay Campbell   Regional Operations Manager
   -=-=-=-=-=-=-  Sense Networking (Santa Cruz Node) 
   edge@got.net   MIT PGP KeyID 0xACAE1A89           
 
"On the Information Superhighway, I'm the guy 
  behind you in this morning's traffic jam leaning on his horn."






Thread