From: olbon@dynetics.com (Clay Olbon II)
To: cypherpunks@toad.com
Message Hash: 3fa3e75a0561e217d2be06fec4d77d9ed491d605d3d658643536dff279e4f609
Message ID: <v01540b02ad33d3833bc4@[193.239.225.200]>
Reply To: N/A
UTC Datetime: 1996-01-30 15:07:40 UTC
Raw Date: Tue, 30 Jan 1996 23:07:40 +0800
Subject: Signed posts (was Re: FV ... Fatal Flaw ...)
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Amidst all of the <exon> about the "fatal flaw", Mr. Scarenstein brings up
(amazingly) an interesting point regarding signed posts that I have wondered
about for a while.
At 5:30 PM 1/29/96, Nathaniel Borenstein wrote (highly edited!):
>Do you have my key in your key ring? I rather doubt it. So what good
>would it have done?
>
>Have you downloaded my key from the net? Assume that you have. How do
>you know it's mine?
The issue of knowing that a signed post belongs to a particular individual
has come up often. Clearly the best approach is verifying the key in person.
Failing that, however, I have adopted a strategy of maximizing the
probability that the key actually belongs to me. I do this by:
1. Including the fingerprint and where to get the key in my
signed post (within the pgp sig)
2. Putting the key in a fairly secure place (i.e. on a machine
controlled by my employer, but where I can check the key
periodically)
3. Putting the same key on the keyservers
I could (and should) also place it on my web page as well.
This is not to say that someone could not impersonate me by creating a key
and placing it in all of these places, but I think it would be difficult,
and probably not worth the effort. I am not real worried about this threat
(but heck, if someone really wants to impersonate me, I'd be flattered).
I think these measures are probably sufficient for a mailing list level of
discussion. Any comments? (flames >/dev/null)
Clay
- --------------------------------------------------------------------------
Clay Olbon II | olbon@dynetics.com
Systems Engineer | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0
"To escape the evil curse, you must quote a bible verse; thou
shalt not ... Doooh" - Homer (Simpson, not the other one)
- --------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
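
An added example, not part of the original message and not the author's or PGP's own code: publishing a fingerprint in several places, as the post describes, only helps if a reader compares every copy against the key actually fetched. The Python below computes a PGP 2.x RSA key fingerprint (MD5 over the modulus bytes followed by the exponent bytes) and reports which channels agree; the key values, channel names and function names are constructed for illustration.

```python
import hashlib

def mpi_body(x: int) -> bytes:
    # MPI value as big-endian bytes, without the two-byte bit-length prefix.
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def v3_fingerprint(n: int, e: int) -> str:
    # PGP 2.x (v3 key) fingerprint: MD5 over modulus bytes, then exponent bytes.
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def normalize(text: str) -> str:
    # Accept "B9 73 97 ..." or "b97397..."; reject anything that is not 128 bits of hex.
    fpr = "".join(text.split()).replace(":", "").upper()
    if len(fpr) != 32 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError(f"not a PGP 2.x fingerprint: {text!r}")
    return fpr

def pgp26_display(fpr: str) -> str:
    # Spaced byte pairs with a wider gap in the middle, as PGP 2.x prints them.
    pairs = [fpr[i:i + 2] for i in range(0, 32, 2)]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])

def cross_check(n: int, e: int, published: dict) -> dict:
    # Compare the key actually fetched against the fingerprint seen on each channel.
    actual = v3_fingerprint(n, e)
    agree = sorted(c for c, t in published.items() if normalize(t) == actual)
    disagree = sorted(c for c in published if c not in agree)
    return {"fingerprint": actual, "agree": agree, "disagree": disagree,
            "accept": bool(agree) and not disagree}

# Constructed toy values, not real RSA keys and not the key from the post.
GENUINE = (0xC5A1D3F7 << 480 | 0x9B41, 17)
ROGUE = (0xD7B3E5F9 << 480 | 0x7A63, 17)
genuine_fpr = v3_fingerprint(*GENUINE)

# Fingerprints as a reader might collect them from the three places in the post.
CONSISTENT = {"signed post": genuine_fpr,
              "finger server": pgp26_display(genuine_fpr),
              "keyserver": genuine_fpr.lower()}
# One channel serving a substituted key shows up as a disagreement.
TAMPERED = dict(CONSISTENT, keyserver=v3_fingerprint(*ROGUE))

if __name__ == "__main__":
    for name, seen in (("consistent", CONSISTENT), ("tampered", TAMPERED)):
        print(name, cross_check(*GENUINE, seen))
```

Agreement across channels adds confidence only to the extent that the channels are controlled independently, which is the limitation the post itself acknowledges.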