1997-11-14 - Re: Key Signing

Header Data

From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: d60d56cb84159ae2d872246345970071f55ef577b2707ba534e4fbccd7b5374e
Message ID: <199711141003.LAA02307@basement.replay.com>
Reply To: N/A
UTC Datetime: 1997-11-14 10:22:28 UTC
Raw Date: Fri, 14 Nov 1997 18:22:28 +0800

Raw message

From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 14 Nov 1997 18:22:28 +0800
To: cypherpunks@toad.com
Subject: Re: Key Signing
Message-ID: <199711141003.LAA02307@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
> At 01:21 AM 11/10/1997 +0100, Necessarily Knot, ME wrote:
> >I am including the key (below) for my new nym, which has not been used
> >before, and would like for people to sign it and send the signed key
> >to the list.
> >This way, people will know by the signature, that it is, indeed:
> >Necessarily Knot, ME
> 
> This was bizarre - what did you do to create the key and the ASCII version?
> I imported the key into my PGP 5.0, and saw the double-key icon,
> which says I have the private key as well as the public key,
> and sure enough, it was willing to let me change the passphrase
> (which was previously not set.)

  I was testing the procedure outlined in Epilogue 5 of InfoWar
on a friend's machine and, sure enough, I got PGP 2.62 to spit
out the private key he had created as Necessarily Knott, ME.
 
> I'm not sure how comfortable I am signing a key which has the
> private keys made public - so I signed it, and revoked it,
> and you're welcome to the signed revocation certificate :-)

  Perhaps we have inadvertently taken key-signing to a new level.
i.e. - develop software that will allow a user to have another
user sign the key and then, when revoked, the software allows
the user to sign with the revoked key, but not to recreate it
or change it in any way.
  The software could be marketed to cryptographers with low
self-esteem.
 
> The keyserver says it accepted the certificate, but doesn't
> find it when I query it for the key, but then it did that to me
> earlier today, so I'm not sure if it's there or not.
> (It's the server at http://www.pgp.com/keyserver/pks-lookup.cgi .)

  I added the secret key to the keyserver, and it also said it
had accepted it, but does not show it on a query.
 
> The KeyID was 0x61C747B1 - 512-bit RSA
> 
> But hey, since I've got this bogus key around, might as well sign
> something with it :-)
> -----BEGIN PGP SIGNATURE-----
> Version: PGP for Personal Privacy 5.0
> Charset: noconv
> 
> iQBVAwUBNGwEogpaM5Vhx0exAQGupAH/duqAF915VFqxcFHk3wlmXzmU2DDQv9nP
> 6FM0rU2MSfiFmfQu76dBAyriBAdEzk1Ry+oyZiWIlixGZYbLaXLU8Q==
> =5ZQC
> -----END PGP SIGNATURE-----

  Yep. That confirms that your message was sent by someone who
is Necessarily Knott, ME.

  Took a few days for you to reply to the message. Have you been
waiting for the wee hours to see if you could narrow down the
list of senders by seeing who is online at the time you receive
a reply?
  I could add latency to this anonymous email, but that would
be tacky.

Necessarily Knott, ME


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQBVAwUBNGwftQpaM5Vhx0exAQGYzAH9HMbEev5KxJs9cqzYm4wbXv8+7Atxx5D/
gymQS2nhxp2aupDIewq9JkzK++VN7JAZJqyexrimiOh7ndvwI7ZOvA==
=H6JV
-----END PGP SIGNATURE-----





