[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Please verify key for remailer@soda



-----BEGIN PGP SIGNED MESSAGE-----

>     Hello fellow C'punks! As my last message said (for those who read
>it), I'm just getting into anon remailers. I just picked up the docs and
>PGP key for the remailer@soda. I would appreciate it if people would send
>me fingerprints of the key. This is so that I know it hasn't been tampered
>with, or at least can be reasonably sure. Thanx, in advance!

I hope we're all clever enough to realize that this is not very
good key verification.  If a spoofer has managed to spoof the
key to soda that you got, then he will spoof the fingerprints
that everyone sends you.  Finding a way to do this that can't be
spoofed is nontrivial.

However, you can take some reasurance, IMO, in the idea that if
someone was spoofing any given widely held key, such as that to
a remailer, someone would, eventually, smell something fishy. 
i.e.  one day you go to mail a message to a soda from a
different account only to have it fail because your other
account provider was spoofing you.

- --
 Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
        E7 E3 90 7E 16 2E F3 45   *   28 24 2E C6 03 02 37 5C 
   Stuart Smith                           <[email protected]>

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkAANqi5iP4JtEWBAQEKmgQAlFGaYWRv9PzupM20SWghzP/oJg/j9B8u
+bXXMLHFEAk3tXhv3iYHr33f1Gs3D1IhCdz1tFbmyqwVjxUBxjU5s5EF1DEaPWA6
EMt6IFRwYS3WR2qhDsxn5QDeEMzETrO1xzGyNYbCERxlGAqgr6K5EGtzshoAxOmq
6VkURwSe3rY=
=R3sY
-----END PGP SIGNATURE-----