[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)

To: [email protected] (Nathaniel Borenstein)
Subject: On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
From: [email protected] (Roy M. Silvernail)
Date: Tue, 30 Jan 1996 06:09:58 CST
Cc: [email protected]
In-Reply-To: <[email protected]>
Organization: Not that I've noticed
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, [email protected] writes:

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

You are incorrect.  Keys can always be obtained, and signatures can be
verified at any time.  But an unsigned message can _never_ be verified
as to its origin.

You may not have my key, but I still sign this message (as I have signed
all my net traffic for over 3 years).  I do this to protect the
reputation capital I've built up.

> PS -- On the off chance that anyone really doubts this is me, I will
> shortly send cypherpunks a message that has my own voice AND a PGP
> signature thereupon.  That way, you can check my identity if you either
> recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB

Sheesh, yourself, Nathaniel (if that _is_ your True Name).  You're
showing a real attitude here, as though your reputation alone should be
enough to convince us of your messages' validity.  A malicious attacker
would be likely to bluster this way to deflect discovery of hir ruse.
We're all nyms on the net.  And yours wears no armor.
- -- 
Roy M. Silvernail --  [email protected] will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4PVhvikii9febJAQHqSgP/YTCBuPGD3yKEGQo6oYzr0gfxIs2MJFCB
xJnSS84g4n6yxSz9u8Ffkq/BHsiRA6eFBuIhLdn0nsMORiEneXGadT+Of9+qvZXA
kfr47lC01uZLfldc8CH5gJG3bc4860nz4z4YhNDW1+3jRkKN2Gzp5V1YWKWvTuIl
kKw4L4ZYZCk=
=rkJ/
-----END PGP SIGNATURE-----

References:
- Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
  - From: Nathaniel Borenstein <[email protected]>

Prev by Date: Re: The FV Problem = A Press Problem
Next by Date: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Prev by thread: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
Next by thread: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Index(es):
- Date
- Thread