From: Michael Bauser Area: Public Key Encryption To: Brian Giroux 14 Dec 94 20:18:44 Subject: Certification question UpdReq (This is a cross-posted reply to a post in PKEY_DROP. I'm trying to move the conversation over here where it belongs.) -----BEGIN PGP SIGNED MESSAGE----- Who: Brian Giroux What: Certification question When: 07 Dec 94 23:46:00 BG> Let's say I look at your origin line (as if you have one ;) and BG> discover that you are entering messages from a BBS in Topeka, Kansas. BG> I then call 1-913-555-1212 and ask Information for the number for BG> Scott Miller (assuming that it's not unlisted). I then call you up BG> and ask you for your finger print and match it up with the finger BG> print that I get. Could I be reasonably certain that your public key BG> is authentic? Well, you can now be pretty sure that the key for Scott Miller belongs to the guy who answers Scott Miller's phone, but you aren't necessarily sure that he really, truly is Scott Miller. It could be Scott's brother Biff or something. Even if it really is "Scott Miller"), it's no proof that he's the Scott Miller he claims to be. What you've got here is called "persona verification" by the crypto- graphers at RSA, Inc. You're sure that the key belongs to the person, but you don't know enough about the person to be sure he's real. For a great many things (such as verfiying signatures), this is verification enough, because all you want to be sure of is that all the messages coming from "Scott Miller" are coming from one person, and the identity isn't totally bogus. (Although you can have persona verification for obviousl pseudonyms. RSA runs a persona-request server for Privacy Enhanced Mail users that will sign any PEM key sent to it, but it will never sign a second key for a given e-mail address, unless it receives a revocation first. That way, you know a "verified" key is the only such key for that account, which gives a little more stability than usual when dealing with anonymous people. But I digress.) In the end, the only way to truly be certain, of course, is to have a trusted signature (yours or somebody else's) on Scott's key. Calling Scott up to verify his identity is NOT enough verification to rate you putting a verifying signature on his key, though. Yet. Future versions of PGP could include an option for a certifying signer to indicate how much verification he did (i.e. "none at all", "phone call", "checked picture ID") so that you could sign with qualifications, and other people could decide (in their pgp.ini files, probably) whether to accept phone verifications seriously. That's on my personal wishlist, but I doubt it will be added soon. (There's a short discussion of this potential option in the "pgformat.doc" (or was it "pgformat.txt"?) file included in MIT PGP, if anybody thinks I'm making it up.) Got that? It's kinda complex. (Even the cypherpunks argue about this one, and I'm usually just an awe-struck observer around them.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Friends don't make friends use legal_kludge. iQCVAwUBLu+YLcRHZFQbZSuZAQEKAQQAqnVvFi/xvX42r0a8NsWjPBlFZI1hsYnt SWGzgdfT4A1W3Hbu2SSrd4IDs6RrV00vlc0QI7pMlpBWuhrYIhJQvIHBC1WCF5BT cGgiQxZP296v5w6stYDnGkmmzF9kYiiXQr/rJiAmGa6HYHtuSNyE1LdbGTErK3xQ tGGflHRtJBI= =YCPR -----END PGP SIGNATURE----- **EZ-PGP v1.07 ... Smile!! Big brother is watching. 201434369420143436942014343694201434369420143436942014343694718 From: Reed Darsey Area: Public Key Encryption To: All 15 Dec 94 04:21:12 Subject: G. Gordon Liddy pro-PGP UpdReq Phill Zimmerman's lawyer faxed something to the G. Gordon Liddy show the other day, and from his comments, the "G-Man" is pro-PGP, anti-Clipper. (Does anyone have his public key?) ... PGP 512/AE5BEFB5 [26 D3 A0 FB FB E2 D2 35 B5 26 4A E1 A1 FB CD B8] 201434369420143436942014343694201434369420143436942014343694718 From: Michael Bauser Area: Public Key Encryption To: Brian Giroux 13 Dec 94 18:18:14 Subject: KEY REVOKE UpdReq -----BEGIN PGP SIGNED MESSAGE----- Who: Brian Giroux What: KEY REVOKE When: 10 Dec 94 07:03:00 BG> I seem to have created a small problem for myself. I decided that BG> it was time to put a key revocation just in case my HDD crashes. Now BG> when I type pgp -kv, it says that my key is revoked. Is there any BG> way to reverse the revokation? Nope. Key-revocations are *permanent* (unlike key-disabling, which is what happens if you -kd somebody else's key). You're out of luck, I think, unless your copy of "secring.bak" is dated before the key revocation. Delete "secring.pgp", and rename "secring.bak" as "secring.pgp" and see if that keyring has an unrevoked copy. If that doesn't bring your key back, all you can do is send the revocation certificate out to the world, and generate a new keypair. If you're worried about hard drive crashes, you should just backup to floppy, like normal software. A secure password and safe location for the disk (mine isn't even in the same building as the rest of my computer stuff) should be enough to keep other people from stealing it. ... This tagline approved for export by the National Security Agency. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Friends don't make friends use legal_kludge. iQCVAwUBLu+SAcRHZFQbZSuZAQEv4wQApAJ/3d9DNtIbrP9e9El0z9GovFpyh/HT v3q5s2EjKuFSaPl2mggYukIbCWl0mvIOJUbXyjURHkKiDvTMj+s8/4p9CrOpXHPK g7SE0jj97hk9ZmXiS6MoAD93mX0VBf8AUf9gRC3uFaxbNaMeFlt4WRmv6m6gHpsh cfpTYj53N6o= =tYhS -----END PGP SIGNATURE----- **EZ-PGP v1.07 201434369420143436942014343694201434369420143436942014343694718 From: Reed Darsey Area: Public Key Encryption To: All 15 Dec 94 03:46:20 Subject: PGP in INFORMATION WEEK Top 10 UpdReq The Dec. 12, 1994 issue of INFORMATION WEEK included PGP in its "Most Important Products of 1994" article, p38. ... PGP 512/AE5BEFB5 [26 D3 A0 FB FB E2 D2 35 B5 26 4A E1 A1 FB CD B8] 201434369420143436942014343694201434369420143436942014343694718 From: Griffin Goodman Area: Public Key Encryption To: jason carr 14 Dec 94 21:54:00 Subject: question UpdReq Hey, I want to know if yall have a program that does this encryption stuff or if you take a really really long time writing this. Live in the Gheto 201434369420143436942014343694201434369420143436942014343694718