Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit

[Nathaniel Borenstein <nsb@nsb.fv.com>]

Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Peter
Trei"@acm.org (1233)

> I started reading this thinking it was actually something important. All
> it describes 
> is a keyboard monitor, which greps for CC#s, and which could be spread by an 
> (unspecified) virus, and sends the output to a crook over the net by
> some (unspecified) 
> mechanism.

There are many ways to spread it besides a virus.  Zillions of 'em.  And
there are totally anonymous ways to redistribute it, some of which I've
never seen described publicly, which is why they were left unspecified.

> It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but
> failed to 
> clearsign this message, which loudly trumpets it's great import.
> Considering the
> lack of actual content, I feel compelled to warn readers that this may
> be a forgery, 
> designed to make him look like he's scaremongering. 

Do you have my key in your key ring?  I rather  doubt it.  So what good
would it have done?  

Have you downloaded my key from the net?  Assume that you have.  How do
you know it's mine?

I use PGP about 20 times per day.  I use it in a manner that is
*meaningful*.  Unless we have in some way or another verified each
others' keys, it is meaningless for me to sign a message to you. 
Putting a PGP signature on a message to someone who has no way of
verifying your keys is a nice political statement, but is utterly
meaningless in terms of adding any proof of the sender's identity.  --
Nathaniel

PS -- On the off chance that anyone really doubts this is me, I will
shortly send cypherpunks a message that has my own voice AND a PGP
signature thereupon.  That way, you can check my identity if you either
recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB