1998-01-17 - Re: how to release code if the programmer is a target for (fwd)

Header Data

From: Jonathan Wienke <JonWienk@ix.netcom.com>
To: Jim Choate <cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Message Hash: 7bc6b01f95a16971e0e7990f18b43c7d38f27f99eb3cca3bd8ac0decea6ca242
Message ID: <3.0.3.32.19980117121208.006bc254@popd.netcruiser>
Reply To: <199801162348.RAA12709@einstein.ssz.com>
UTC Datetime: 1998-01-17 20:56:23 UTC
Raw Date: Sun, 18 Jan 1998 04:56:23 +0800

Raw message

From: Jonathan Wienke <JonWienk@ix.netcom.com>
Date: Sun, 18 Jan 1998 04:56:23 +0800
To: Jim Choate <cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: how to release code if the programmer is a target for (fwd)
In-Reply-To: <199801162348.RAA12709@einstein.ssz.com>
Message-ID: <3.0.3.32.19980117121208.006bc254@popd.netcruiser>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 05:48 PM 1/16/98 -0600, Jim Choate wrote:
>Forwarded message:
>
>> Date: Fri, 16 Jan 1998 12:29:34 -0800
>> From: Jonathan Wienke <JonWienk@ix.netcom.com>
>> Subject: Re: how to release code if the programmer is a target for
>>   coercion (fwd)
>
>[my entire previous post deleted...geesh]
>
>> Jim, there are > 2 parties in the matter being discussed:
>
>EXACTLY. That is why there is a potential for a MITM (requires at least
>3 parties) attack.
>
>> My key is publicly available at the MIT keyserver; it has been since PGP
>> 5.0 came out.
>
>So what? If Alice is being monitored for whatever reason and she requests
>your key Mallet simply intercedes and inserts their own key. How is Alice
>going to catch a clue?
>
>> key.  It would be fairly difficult for any attacker to forge a signature
>> with a false key;
>
>It isn't the source but the recipient that is under attack.
>
>[rest deleted]

However, if Alice has had my key for 6 months, and has verified the
signatures on 100 of my Cypherpunks posts, and my signature on GunzenBombs
Pyro-Technologies latest checks out, she can be pretty confident that I
actually signed it.  On the other hand, if she didn't already have it, and
got a fake key and document from Mallet, Alice would not be able to use the
fake key to verify the signatures on my prior Cypherpunks posts.  This
ought to be a red-flagged clue that something is rotten in Denmark...

-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5

iQA/AwUBNMEQlsJF0kXqpw3MEQJA8ACeMcERuFEawbrfZBqBUCVIiCSy5CcAn0VU
nsPmpqLqwenGnvgCYjyg3pdQ
=7VZu
-----END PGP SIGNATURE-----


Jonathan Wienke

PGP Key Fingerprints:
7484 2FB7 7588 ACD1  3A8F 778A 7407 2928
3312 6597 8258 9A9E D9FA  4878 C245 D245 EAA7 0DCC

"If ye love wealth greater than liberty, the tranquility of servitude
greater than the animating contest for freedom, go home from us in peace.
We seek not your counsel, nor your arms. Crouch down and lick the hand that
feeds you. May your chains set lightly upon you; and may posterity forget
that ye were our countrymen."
-- Samuel Adams

"Stupidity is the one arena of of human achievement where most people
fulfill their potential."
-- Jonathan Wienke

Never sign a contract that contains the phrase "first-born child."

When the government fears the people there is liberty.
When the people fear the government there is tyranny.
Those who live by the sword get shot by those who don't. 

RSA export-o-matic:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread