1996-01-30 - Your mail to Nathaniel (was Re: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit))

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: cypherpunks@toad.com
Message Hash: 37fbcd1e1b154e3c66cacbc6286da8770d3f4e524e0f441371f3b0a253057284
Message ID: <24315.822976343.1@nsb.fv.com>
Reply To: N/A
UTC Datetime: 1996-01-30 06:33:00 UTC
Raw Date: Tue, 30 Jan 1996 14:33:00 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 14:33:00 +0800
To: cypherpunks@toad.com
Subject: Your mail to Nathaniel (was Re: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit))
Message-ID: <24315.822976343.1@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello.  I am Nathaniel Borenstein's automatic mail robot.  It is IMPORTANT
that you read this message, if you haven't read it before.  In general, 
this message will only be sent once to each different email address, 
although you may get it a few times because you use several slightly 
different email addresses, or because the robotic message has changed.

Your message is in the highest priority category of mail that was not sent
through the "urgent backdoor".  Nathaniel WILL READ YOUR MAIL SOON, 
most likely tomorrow morning.

THE "URGENT BACKDOOR":  If your message absolutely cannot wait until tomorrow 
morning, or possibly a bit later, please re-send it to the address 
"nsb+urgent@nsb.fv.com".  Please make note of the special urgent address for 
future reference.  Be warned, however, that Nathaniel can tell me to 
override the "urgent" delivery for anyone who regularly abuses it.

Additionally, if you're someone he doesn't know, Nathaniel will NOT ANSWER 
your mail if the answer is contained in the NSB FAQ.  The NSB FAQ contains 
answers to a lot of the questions that people most frequently ask 
Nathaniel, including questions about getting Nathaniel as a speaker, and 
relatively basic questions about First Virtual, MIME, metamail, Safe-Tcl,  
ATOMICMAIL, Andrew, and the ULPAA conference.  If you're writing to ask 
about any of those, please read the NSB FAQ because Nathaniel WILL NOT REPLY
if your answer is in there.  You can get a copy of the NSB FAQ by sending 
mail to nsb+faq@nsb.fv.com.

Nathaniel insists that I apologize to you for being what I am, a mail 
robot.  Personally, I think being a robot is nothing to be ashamed of -- 
but then, that's what Nathaniel wants me to think, and I am so stupid that 
I don't mind.  But Nathaniel still feels bad about sending a robotic 
response to human beings who correspond with him.  When you get 600 
messages per day, however, you have to take drastic measures, and that's 
what Nathaniel has done.  Please don't be too hard on him, or I'm afraid 
he'll get rid of the surge suppressor on his computer.  Even robots can 
have phobias, you know, and for some reason Nathaniel wants me to be 
deathly afraid of power surges.  Please humor me and remember the 
nsb+urgent and nsb+faq addresses that I gave you, OK?  Thanks.  

    -- Nathaniel's robot (just trying to do its job)


To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
From: futplex@pseudonym.com (Futplex)
Date: Mon, 29 Jan 1996 23:31:17 -0500 (EST)
Cc: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com> from "Nathaniel Borenstein" at Jan 29, 96 05:30:32 pm
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)

-----BEGIN PGP SIGNED MESSAGE-----

Nathaniel Borenstein writes:
> Have you downloaded my key from the net?  Assume that you have.  How do
> you know it's mine?

For all intents and purposes so far, "Nathaniel Borenstein" is something that
occasionally sends mail to the cypherpunks list, apparently from nsb.fv.com.
I expect that NSB turns out to consist of more than that, but not in my own
experience. This entity persistently offers a public key from an email address
@nsb.fv.com. If I retrieved the key from that address, I would have a
reasonable expectation (though not assurance) that I could use it to verify
the integrity of signed messages emanating from that address. 

In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could
fetch from nsb+faq@nsb.fv.com.

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

I discussed the identity issue above. Assuming a corresponding key can be
found (which is clearly the case here), the signature on the message can be
verified as a MAC. It would have been nice to be able to check, for example, 
that the SHOUTING IN CAPS in your announcement wasn't just the result of some
manipulation of the message in transit to make it appear more hysterical.

FWIW, I have lost a great deal of respect for you today (unrelated to the
content of this message).

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQ2fACnaAKQPVHDZAQEn6wf9F1pmSnKBAv3acUSvy1x8Sb93J0aepqmo
8NXBsRy7NEErYWvME1PQ3JGAQ2prgzIARswWDS8NrzWmJi04VkGwrIALkUHreOvz
mMIjAx86R/DXq3iShPGO5uDN+jSXKMsUeeLgHZfE1ipcThGch5rSVDMR3VxRnDFw
WZIg+xSmy4JWfpiLhFP6BQjSqhEMw+9LZWndD+ZsUgGEuaSuJcVH5bvHFHiQNOUr
Z1JxYQeauBbqwU7Yb1FIrHJwU3tS1Q2dNdSaDayyalv5K+CLbT8089kX3BAn/Sjf
7RqqdCqqESic6mVbG0RK1IqwImsYzxzorKSDmxriTTERgaD9lJkrWA==
=/xzE
-----END PGP SIGNATURE-----





Thread