
Excerpts from mail: 29-Jan-96 Re: Signature use and key t.. Futplex@pseudonym.com (2183*)
In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could fetch from nsb+faq@nsb.fv.com.
Right, absolutely. But let's face it, by now you believe it's me anyway, or the real nsb@nsb.fv.com would have spoken up and argued with me. On the other hand, if I start routinely PGP-signing email, then the value of slowly brute-force cracking my private key goes way up. If FV is successful, for example, you could spend a few years breaking my key, and then forge apparently-slanderous signed mail from me to you as part of a lawsuit. This would be far more believable, in a court of law, if I routinely signed everything than if I didn't. I don't routinely sign things because I think it is asking for problems with retrospective forgery down the road. I might, however, consider routinely signing things once I can easily incorporate a digital timestamping service like the one from Surety into my signature.
FWIW, I have lost a great deal of respect for you today
I sincerely hope that you will gain it back when you realize that not all "hype" is without substance, and that we really have unveiled a genuine, previously-unrecognized, and extremely important flaw in commercial mechanisms that purport to offer security through the software encryption of credit card numbers. -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com