From: Dave Del Torto <ddt@ciphr.org>
Date: Wed, 23 Dec 1998 01:52:17 +0800
To: ukcrypto@maillist.ox.ac.uk
Subject: mysterious PGP release-signing keys
Message-ID: <v04103b00b2a2b76183d0@[192.168.248.7]>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please excuse the crosspost, but does anyone know *who* generated and/or
owns these keys?

 0xBB1EEF1B Verify
 0xC8501551 Verify Key for http://www.arc.unm.edu/~drosoff/*
 0xAA9AE13F Verify PGP 6.0.2 PP - RSA
 0x772B7382 VERIFY <VERIFY@gnwmail.com>

They seem to be used for signing/verifying PGP releases (e.g. the 602 by CKT
at Replay), but there's nothing on the keys that identifies the responsible
engineer who compiled the source, nor do some of them seem to be certified
by anyone in the WoT. Questions have been raised about the authenticity and
security of those compiles and these keys.

   dave


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
Comment: Get interested in computers -- they're interested in YOU!

iQA/AwUBNn11mJBN/qMowCmvEQI4IwCfad0S9Algw7PPDsgWChimC4Cx6dcAnjtu
h2trwMi08tJMCD76W6W8DP/L
=TFuT
-----END PGP SIGNATURE-----