Re: how to release code if the programmer is a target for (fwd)
Forwarded message:
Date: Fri, 16 Jan 1998 12:29:34 -0800 From: Jonathan Wienke <JonWienk@ix.netcom.com> Subject: Re: how to release code if the programmer is a target for coercion (fwd)
[my entire previous post deleted...geesh]
Jim, there are > 2 parties in the matter being discussed:
EXACTLY. That is why there is a potential for a MITM (requires at least 3 parties) attack.
My key is publicly available at the MIT keyserver; it has been since PGP 5.0 came out.
So what? If Alice is being monitored for whatever reason and she requests your key Mallet simply intercedes and inserts their own key. How is Alice going to catch a clue?
key. It would be fairly difficult for any attacker to forge a signature with a false key;
It isn't the source but the recipient that is under attack. [rest deleted] ____________________________________________________________________ | | | The most powerful passion in life is not love or hate, | | but the desire to edit somebody elses words. | | | | Sign in Ed Barsis' office | | | | _____ The Armadillo Group | | ,::////;::-. Austin, Tx. USA | | /:'///// ``::>/|/ http://www.ssz.com/ | | .', |||| `/( e\ | | -====~~mm-'`-```-mm --'- Jim Choate | | ravage@ssz.com | | 512-451-7087 | |____________________________________________________________________|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 05:48 PM 1/16/98 -0600, Jim Choate wrote:
Forwarded message:
Date: Fri, 16 Jan 1998 12:29:34 -0800 From: Jonathan Wienke <JonWienk@ix.netcom.com> Subject: Re: how to release code if the programmer is a target for coercion (fwd)
[my entire previous post deleted...geesh]
Jim, there are > 2 parties in the matter being discussed:
EXACTLY. That is why there is a potential for a MITM (requires at least 3 parties) attack.
My key is publicly available at the MIT keyserver; it has been since PGP 5.0 came out.
So what? If Alice is being monitored for whatever reason and she requests your key Mallet simply intercedes and inserts their own key. How is Alice going to catch a clue?
key. It would be fairly difficult for any attacker to forge a signature with a false key;
It isn't the source but the recipient that is under attack.
[rest deleted]
However, if Alice has had my key for 6 months, and has verified the signatures on 100 of my Cypherpunks posts, and my signature on GunzenBombs Pyro-Technologies latest checks out, she can be pretty confident that I actually signed it. On the other hand, if she didn't already have it, and got a fake key and document from Mallet, Alice would not be able to use the fake key to verify the signatures on my prior Cypherpunks posts. This ought to be a red-flagged clue that something is rotten in Denmark... -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQA/AwUBNMEQlsJF0kXqpw3MEQJA8ACeMcERuFEawbrfZBqBUCVIiCSy5CcAn0VU nsPmpqLqwenGnvgCYjyg3pdQ =7VZu -----END PGP SIGNATURE----- Jonathan Wienke PGP Key Fingerprints: 7484 2FB7 7588 ACD1 3A8F 778A 7407 2928 3312 6597 8258 9A9E D9FA 4878 C245 D245 EAA7 0DCC "If ye love wealth greater than liberty, the tranquility of servitude greater than the animating contest for freedom, go home from us in peace. We seek not your counsel, nor your arms. Crouch down and lick the hand that feeds you. May your chains set lightly upon you; and may posterity forget that ye were our countrymen." -- Samuel Adams "Stupidity is the one arena of of human achievement where most people fulfill their potential." -- Jonathan Wienke Never sign a contract that contains the phrase "first-born child." When the government fears the people there is liberty. When the people fear the government there is tyranny. Those who live by the sword get shot by those who don't. RSA export-o-matic: print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (2)
-
Jim Choate -
Jonathan Wienke