[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication at toad.com: WTF?

To: [email protected]
Subject: Re: Authentication at toad.com: WTF?
From: [email protected] ([email protected] +1-510-484-6204)
Date: Thu, 1 Dec 94 01:25:39 EST
Sender: [email protected]

-----BEGIN PGP SIGNED MATERIAL-----
> On Wed, 30 Nov 1994, The new cypherpunks signature checking agent wrote:
> > The below message was found to have a valid signature from "JEFF LICQUIA (CEI)
> > " [email protected].

Apparently it was a spoof, but whatever.  I'd be really bugged by
the security implications of software claiming to have validated
signatures; software that complains about bogus sigs is fine,
since if it's spoofed it's only a warning, and if the warnings
are deleted your trust is still somewhat limited unless you've verified
the signatures yourself.  Trusting someone else's verification
is less than ideal security policy :-)

		Bill
-----BEGIN PGP SIGNATURE-----		
Pgp-version: 32767

uhohovhoehvohfvoihvhoviheoivhefoivhefohvefohv
jhjhohhuhvuhiuhewiuvhiuhfveiuhefviuhevhevhvhh
-----END PGP SIGNATURE-----

Cypherpunks signature checking agent:  It's valid - trust me!

Follow-Ups:
- Re: Authentication at toad.com: WTF?
  - From: [email protected] (Eric Hughes)

Prev by Date: Re: using us crypto sw outside usa
Next by Date: hello
Prev by thread: Re: cypherpunk signing service
Next by thread: Re: Authentication at toad.com: WTF?
Index(es):
- Date
- Thread