Hello. I am Nathaniel Borenstein's automatic mail robot. It is IMPORTANT that you read this message, if you haven't read it before. In general, this message will only be sent once to each different email address, although you may get it a few times because you use several slightly different email addresses, or because the robotic message has changed. Your message is in the highest priority category of mail that was not sent through the "urgent backdoor". Nathaniel WILL READ YOUR MAIL SOON, most likely tomorrow morning. THE "URGENT BACKDOOR": If your message absolutely cannot wait until tomorrow morning, or possibly a bit later, please re-send it to the address "nsb+urgent@nsb.fv.com". Please make note of the special urgent address for future reference. Be warned, however, that Nathaniel can tell me to override the "urgent" delivery for anyone who regularly abuses it. Additionally, if you're someone he doesn't know, Nathaniel will NOT ANSWER your mail if the answer is contained in the NSB FAQ. The NSB FAQ contains answers to a lot of the questions that people most frequently ask Nathaniel, including questions about getting Nathaniel as a speaker, and relatively basic questions about First Virtual, MIME, metamail, Safe-Tcl, ATOMICMAIL, Andrew, and the ULPAA conference. If you're writing to ask about any of those, please read the NSB FAQ because Nathaniel WILL NOT REPLY if your answer is in there. You can get a copy of the NSB FAQ by sending mail to nsb+faq@nsb.fv.com. Nathaniel insists that I apologize to you for being what I am, a mail robot. Personally, I think being a robot is nothing to be ashamed of -- but then, that's what Nathaniel wants me to think, and I am so stupid that I don't mind. But Nathaniel still feels bad about sending a robotic response to human beings who correspond with him. When you get 600 messages per day, however, you have to take drastic measures, and that's what Nathaniel has done. Please don't be too hard on him, or I'm afraid he'll get rid of the surge suppressor on his computer. Even robots can have phobias, you know, and for some reason Nathaniel wants me to be deathly afraid of power surges. Please humor me and remember the nsb+urgent and nsb+faq addresses that I gave you, OK? Thanks. -- Nathaniel's robot (just trying to do its job) To: nsb@nsb.fv.com (Nathaniel Borenstein) Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit) From: futplex@pseudonym.com (Futplex) Date: Mon, 29 Jan 1996 23:31:17 -0500 (EST) Cc: cypherpunks@toad.com (Cypherpunks Mailing List) In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com> from "Nathaniel Borenstein" at Jan 29, 96 05:30:32 pm Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List) -----BEGIN PGP SIGNED MESSAGE----- Nathaniel Borenstein writes:

Have you downloaded my key from the net? Assume that you have. How do you know it's mine?

For all intents and purposes so far, "Nathaniel Borenstein" is something that occasionally sends mail to the cypherpunks list, apparently from nsb.fv.com. I expect that NSB turns out to consist of more than that, but not in my own experience. This entity persistently offers a public key from an email address @nsb.fv.com. If I retrieved the key from that address, I would have a reasonable expectation (though not assurance) that I could use it to verify the integrity of signed messages emanating from that address. In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could fetch from nsb+faq@nsb.fv.com.

I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. --

I discussed the identity issue above. Assuming a corresponding key can be found (which is clearly the case here), the signature on the message can be verified as a MAC. It would have been nice to be able to check, for example, that the SHOUTING IN CAPS in your announcement wasn't just the result of some manipulation of the message in transit to make it appear more hysterical. FWIW, I have lost a great deal of respect for you today (unrelated to the content of this message). Futplex <futplex@pseudonym.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMQ2fACnaAKQPVHDZAQEn6wf9F1pmSnKBAv3acUSvy1x8Sb93J0aepqmo 8NXBsRy7NEErYWvME1PQ3JGAQ2prgzIARswWDS8NrzWmJi04VkGwrIALkUHreOvz mMIjAx86R/DXq3iShPGO5uDN+jSXKMsUeeLgHZfE1ipcThGch5rSVDMR3VxRnDFw WZIg+xSmy4JWfpiLhFP6BQjSqhEMw+9LZWndD+ZsUgGEuaSuJcVH5bvHFHiQNOUr Z1JxYQeauBbqwU7Yb1FIrHJwU3tS1Q2dNdSaDayyalv5K+CLbT8089kX3BAn/Sjf 7RqqdCqqESic6mVbG0RK1IqwImsYzxzorKSDmxriTTERgaD9lJkrWA== =/xzE -----END PGP SIGNATURE-----