1996-04-29 - Re: arbiter/escrow agent for hire

Header Data

From: bryce@digicash.com
To: Gary Howland <gary@systemics.com>
Message Hash: ec079c2bee8be08f5fa6c87556ba592fa2a36030af65d9adce3a7aaa680a6550
Message ID: <199604291026.MAA09328@digicash.com>
Reply To: <31849110.446B9B3D@systemics.com>
UTC Datetime: 1996-04-29 18:25:44 UTC
Raw Date: Tue, 30 Apr 1996 02:25:44 +0800

Raw message

From: bryce@digicash.com
Date: Tue, 30 Apr 1996 02:25:44 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <31849110.446B9B3D@systemics.com>
Message-ID: <199604291026.MAA09328@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity callnig itself Gary Howland <gary@systemics.com> is
 alleged to have written:
>
> bryce@digicash.com wrote:
> 
> >  Black Unicorn <unicorn@schloss.li> wrote:
> > (> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> > > >     IIRC, currently Black Unicorn doesn't have any signatures on
> > > > his public key of others. Therefore, this requirement, while understandable,
> > > > could cause a bit of a difficulty in the current situation.
> > >
> > > Please obtain a copy of my current key by finger.
> > 
> > Oh please.  My respect for Uni's acumen just decremented a
> > couple of notches.  A 2048-bit key, and no signatures?
> > Rather like a front door with welded plate armor and an open
> > window, no?
> > 
> > Let's talk more off-list...
> 
> Hang on!  This is interesting - keep in on-list!


If we did, we'd have to kill you.  8-)


> What's the big deal about not having signed his own key?
> 
> The only thing that signing your own key does is show the
> [claimed] id of the real keyholder.  There's no scope for
> abuse.  Claiming this to be an armour door and open window
> is overreacting a bit.


Okay this is on-list because I have propagated disinformation
and I'm trying to propagate the correction:  for some reason
I, and apparently E. ALLEN SMITH, got a copy of Black Uni's
key which was devoid of signatures of any kind.  My
complaint was that this made it utterly open to MITM
attacks.  I was mistaken about Uni's key's lack of
signatures though, and I apologized for saying the above.


Actually, Black Uni's key via finger has two signatures (not
counting his own): Sandy Sandfort (whose key has no 
signatures, as far as my copy of it goes), and 
loki@obscura.com (whose key has 22 signatures, only 3 of 
which are from keys that I can find copies of not counting
loki's own).


more later,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYSZZEjbHy8sKZitAQHB5wMA03m0NqNCMX0OjVdsQ+Kh7J6ZTPL3SJ/+
CqtrcrMly14cgBlDj4lWzXDZCHv179h8hyt0Y/zIG4fcnY+anUjFAN9vvUapqIxc
PkeH27XuCN1JfeJCH/eTiy0Hzf6+nN5J
=GbtJ
-----END PGP SIGNATURE-----





Thread