From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 17:08:01 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607030142.VAA29584@toxicwaste.media.mit.edu>
Message-ID: <Pine.GUL.3.94.960702224118.28261F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jul 1996, Derek Atkins wrote:

> Actually, I don't PGP sign my messages because 95% of the time my
> connection to my mail host (the machine on which I read and respond to
> mail) is insecure.  Composing the message, bringing the message to my

"Me too," though I recently created a 512-bit key just for the purpose of
such insecure signing. As long as people understand that that key simply
means "this is either me, or someone who has gone to the trouble of cracking
root here, or someone who spent a couple weeks brute-forcing this key," it's
useful to prevent casual attacks.

Several others are doing the same thing... I know all the NoCeM posters and
most of the newsgroup moderators using PGPMoose have created suuch secondary
keys.

- -rich
 finger or send mail with subject line "send pgp key" if you want 'em

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdoJ+JNcNyVVy0jxAQH7fwIAvK/GWCSXtoDyZWIC+rffKjv/VNbQL/J8
nvabWe7DC6NMp6iGmmZCaIkuvD+TON6rEpu3xatyim0R8ILQoSPyfg==
=/wh3
-----END PGP SIGNATURE-----