
Re: mysterious PGP release-signing keys
>> This is yet another good example of why one should never confuse using PK
>> certificates with security.  An email PGP signature looks impressive but in
>> practice it is useless.
>
>It is useful iff you can verify the validity of the used PK certificate.
>That's what the web of trust in PGP is for.
>

Unfortunately the "if" is false.  I have no idea if your fancy PK signature 
really represents you.  Just look at the recent trouble Black Unicorn has 
had with someone else using the same name affiliated with a key stored on 
the Network Associates PGP key server. Dave could not verify a PK signature 
for the PGP software distribution itself.  PKI, or a web of trust, looks 
good on paper but in practice it does not work when scaled up to large 
numbers of networked users.

- Alex
--

Alex Alten

[email protected]
[email protected]

P.O. Box 11406
Pleasanton, CA  94588  USA
(925) 417-0159