[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MITM evasion



The message below (posted earlier today) caught my attention - I believe it
is a (fake?) MITM-generated message, because Tim's sig file has changed
recently (new domain name (got.net) and a disclaimer was added). The sig
attached to this anonymous message is at least a month out of date.

Even if this isn't just a mistake, it's not a true MITM attack, since this
is a third party /not/ between Tim and toad.com ... more of a spoof.

Do I win anything?

>Return-Path: [email protected]
>Date: Wed, 11 Oct 1995 09:55:07 +0100
>Subject: MITM evasion
>To: [email protected]
>Subject: MITM evasion
>From: [email protected] (Anonymous)

       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>Organization: Hack-Tic International, Inc.
>Comments: Hack-Tic may or may not approve of the content of this posting
>Comments: Please report misuse of this automated remailing service to
<[email protected]>
>Sender: [email protected]
>
>Two years ago, I pointed out that getting a single message past
>the man in the middle isn't good enough; you have to convince your

                                 Unconvinced, for one ^^^^^^^^

>readers that the key they received on one channel is more accurate
>than the key they're receiving on all the other channels.
>But if they'll believe that, they may also believe the man in the middle's
>announcement that the key in your name on all the keyservers is
>wrong, and the correct key is the one he's putting out.
>Can't win either way, but it's still important to get the key out.
>
>My current key is 0x54696D4D; the fingerprint is 
>4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.

This key isn't registered with the MIT keyserver; not proof in any sense,
but worth mentioning.

>
>..........................................................................
>Timothy C. May         | Crypto Anarchy: encryption, digital money,
>[email protected]   | anonymous networks, digital pseudonyms, zero
>408-728-0152           | knowledge, reputations, information markets,
>Corralitos, CA         | black markets, collapse of governments.
>Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
>"National borders are just speed bumps on the information superhighway."
>
>
--
   Jay Campbell   Regional Operations Manager
   -=-=-=-=-=-=-  Sense Networking (Santa Cruz Node) 
   [email protected]   MIT PGP KeyID 0xACAE1A89           
 
"On the Information Superhighway, I'm the guy 
  behind you in this morning's traffic jam leaning on his horn."