RE: Radical Paranoia?





>Let's say someone emails me a key and the return address matches that of
>the address in the key.  Do I assume no one is spoofing me?  You have to
>admit that this is possible albeit unlikely.  What good is key certification
>if it's only "probably valid?"  I've noticed that many of the keys on the
>server are signed with the same person's key.  I doubt that these people
>have had physical contact with each of the people whose key that they've
>signed.  Am I just being paranoid, or is there a valid issue here?  I
>welcome any of your comments.

I understand your precaution and problem very well. I have had similar fears.
Recently, I was in a similar situation. I wanted to exchange keys
with someone I have met only once. The situation as it arose actually ended
up working okay. We exchanged keys after encrypting them with the normal
encryption option, with a password being someone at the place we meet.
Knowledge common to only a few select people. Then we started a talk session
at a prescribed time at the relevant addresses and tried to rely on
information-specific dialogue to verify one's person as the one in question.
Without physically being there this seems like at least a little extra security.
As to the broader question you are really asking on verification I am unsure
on how it can be solved. Obviously my situation was unique in that we had met
and could decide on an information basis, that would seemingly be hard to
duplicate, but this is not always available.

Paul
--
R  O    All Comments Copyright by  | Technofetisht
 A  N     Paul S. Goggin (1993)    | Cypher, Cyber, Chaos              
  V        Information Broker      | Ergoflux, Interzone
   E      [email protected]     | Carpe Diem: Stop the Clipper wiretap chip 
Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available
      For anonymous communication:---> [email protected]
------------------------------------------------------------------------------
Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden
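
The exchange described in the reply above, binding a mailed key to knowledge only the two parties share, sketched as an added example that is not part of the original message. It swaps PGP's conventional encryption for an HMAC tag keyed from the shared secret; the function names, the sample key bytes and the secret are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # slows offline guessing of a low-entropy shared secret


def _mac_key(shared_secret: str, salt: bytes) -> bytes:
    """Stretch the shared secret (e.g. a name both parties know) into a MAC key."""
    return hashlib.pbkdf2_hmac("sha256", shared_secret.encode("utf-8"), salt, ITERATIONS)


def seal_key(public_key: bytes, shared_secret: str) -> dict:
    """Sender side: attach a tag that only a holder of the secret can produce."""
    salt = os.urandom(16)
    tag = hmac.new(_mac_key(shared_secret, salt), public_key, hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "tag": tag, "key": public_key}


def verify_key(message: dict, shared_secret: str) -> bool:
    """Receiver side: accept the key only if the tag matches under our secret."""
    try:
        salt = bytes.fromhex(message["salt"])
        expected = hmac.new(_mac_key(shared_secret, salt), message["key"],
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, message["tag"])
    except (KeyError, ValueError, TypeError):
        return False  # malformed message: treat as unverified, never as valid


def demo() -> tuple:
    secret = "constructed-shared-secret"          # constructed sample value
    real_key = b"-----CONSTRUCTED PUBLIC KEY A-----"
    fake_key = b"-----CONSTRUCTED PUBLIC KEY B-----"
    mail = seal_key(real_key, secret)
    # A spoofer who controls the mail path swaps the key but cannot recompute the tag.
    spoofed = dict(mail, key=fake_key)
    return (
        verify_key(mail, secret),                 # genuine key, right secret
        verify_key(spoofed, secret),              # substituted key
        verify_key(mail, "a-wrong-guess"),        # sender did not know the secret
        verify_key({"key": real_key}, secret),    # tag stripped in transit
    )


if __name__ == "__main__":
    print(demo())
```

The assurance is bounded by how hard the shared secret is to guess: anyone who knows or can guess it can produce a valid tag for a key of their own.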