30 Nov
1992
30 Nov
'92
7:49 p.m.
From: Eric Hughes <hughes@soda.berkeley.edu>
There is no secure method of exchanging public keys using only the net. [spoofing, etc.]
As mentioned by Hal, the new PGP 2.1 (imminent) has a feature to create an hash or a public key which can be read over the telephone to make sure that a key transmitted electronically has not been altered in transmission.
Just to point out, though, this is not foolproof. A good impressionist can fool people, especially if they are extremely skilled. A person with Rich Little's or Peter Sellers' level of skill can sound astonishingly like the original person (although a sound spectrograph isn't fooled, other humans can be). Perry