1996-01-30 - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
Header Data
From: Adam Shostack <adam@lighthouse.homeport.org>
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Message Hash: f45d14fd52d15cd4a3660f6691c06c42c52b52579f98cec0053432242ba3fad2
Message ID: <199601301551.KAA07294@homeport.org>
Reply To: <El3X_NGMc50e1Ir2Vs@nsb.fv.com>
UTC Datetime: 1996-01-30 18:13:17 UTC
Raw Date: Wed, 31 Jan 1996 02:13:17 +0800
Raw message
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 02:13:17 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <El3X_NGMc50e1Ir2Vs@nsb.fv.com>
Message-ID: <199601301551.KAA07294@homeport.org>
MIME-Version: 1.0
Content-Type: text
-----BEGIN PGP SIGNED MESSAGE-----
Expire your keys annually. You know about key lifetimes & expiry, and
in fact talk about them at length in your 'Experiences' paper. So I
assert that this is a straw man. The included key has an expiration
date on it.
Nathaniel Borenstein wrote:
| Right, absolutely. But let's face it, by now you believe it's me
| anyway, or the real nsb@nsb.fv.com would have spoken up and argued with
| me. On the other hand, if I start routinely PGP-signing email, then
| the value of slowly brute-force cracking my private key goes way up. If
| FV is successful, for example, you could spend a few years breaking my
| key, and then forge apparently-slanderous signed mail from me to you as
| part of a lawsuit. This would be far more believable, in a court of
| law, if I routinely signed everything than if I didn't.
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCKAzBjLm4AAAED53EETCG11u/jmMQmWvp1wRU10XUOtXjC/3zVGS23G3bv0o7F
JqdYDWJBp1Rzjb5p6t8KXTPVwx1ZXG8AvJcNFyZiYUznDiHDCT9JScQG5NL++C3r
x6n2YaQLooQgsw5l9aWEJ9Qi3UnQOVA2ZkaYs9RQdJsH8N5XP6PQNGpRAAURtC5B
ZGFtIFNob3N0YWNrIDxhZGFtQGhvbWVwb3J0Lm9yZz4gW0V4cCBBdWcgOTZdiQCV
AwUQMGMuqAWt5TRah1f5AQGjiwP9H3VhNDLNvNkll2Db7ccQlppbFgFjxj5/MTBj
jFD7+FRZcSG4kpbkLYz4gPwY/upf+9N8dp+lEKXNtYLFVfSCkPSMAQhRK1PA4aqv
YlTerDwWQxt4Zyv8H30GO2zm0TkCMWMS6ZZN9U/jk0t7VTYOFvW7sQeiKV4BDScd
7eU62XM=
=Z34o
- -----END PGP PUBLIC KEY BLOCK-----
- --
"It is seldom that liberty of any kind is lost all at once."
-Hume
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCSAwUBMQ4+ZN5XP6PQNGpRAQE4IQPmLiLyT7/7VAw6Z5ajqDlJCiMwubUQTtc+
pCo3RPZjJ8IakLvgXF06LJoIK7ObYbgfRED90v/LNlZivE1CpHQb9QRobNYqIBgU
ZQBw4NkqCAS9kH4K+LrK1ce4sPF8gLBwZBSS+PJXS+BBW6Tp2kDF534Ro6x+hMOV
k1Xuc7s=
=GlZS
-----END PGP SIGNATURE-----
Thread
- Return to January 1996
Return to February 1996
- Return to “Adam Shostack <adam@lighthouse.homeport.org>”
- Return to “futplex@pseudonym.com (Futplex)”
- Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
- Return to ““Paul M. Cardon” <pmarc@fnbc.com>”
- Return to ““Peter Trei” <ptrei@acm.org>”
Return to “roy@sendai.cybrspc.mn.org (Roy M. Silvernail)”
- 1996-01-30 (Tue, 30 Jan 1996 08:13:11 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Peter Trei” <ptrei@acm.org>
- 1996-01-30 (Tue, 30 Jan 1996 14:28:29 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
- 1996-01-30 (Tue, 30 Jan 1996 17:25:16 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1996-01-31 (Wed, 31 Jan 1996 09:14:15 +0800) - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - futplex@pseudonym.com (Futplex)
- 1996-01-30 (Wed, 31 Jan 1996 00:38:41 +0800) - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1996-01-30 (Wed, 31 Jan 1996 02:13:17 +0800) - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - Adam Shostack <adam@lighthouse.homeport.org>
- 1996-01-30 (Wed, 31 Jan 1996 00:38:41 +0800) - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1996-01-31 (Wed, 31 Jan 1996 12:53:28 +0800) - On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
- 1996-01-31 (Wed, 31 Jan 1996 09:14:15 +0800) - Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) - futplex@pseudonym.com (Futplex)
- 1996-01-30 (Tue, 30 Jan 1996 23:45:13 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1996-01-30 (Wed, 31 Jan 1996 02:13:48 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
- 1996-02-02 (Sat, 3 Feb 1996 07:07:14 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>
- 1996-02-02 (Sat, 3 Feb 1996 07:40:21 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - “Paul M. Cardon” <pmarc@fnbc.com>
- 1996-02-03 (Sat, 3 Feb 1996 22:26:59 +0800) - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit - Nathaniel Borenstein <nsb@nsb.fv.com>