No Subject
Anonymous
nobody at flame.alias.net
Wed Oct 11 07:51:18 PDT 1995
> Two years ago, I pointed out that getting a single message past
> the man in the middle isn't good enough; you have to convince your
> readers that the key they received on one channel is more accurate
> than the key they're receiving on all the other channels.
> But if they'll believe that, they may also believe the man in the middle's
> announcement that the key in your name on all the keyservers is
> wrong, and the correct key is the one he's putting out.
> Can't win either way, but it's still important to get the key out.
>
> My current key is 0x54696D4D; the fingerprint is
> 4D 65 44 75 53 61 21 2F 41 73 55 64 85 6D 21 7F.
but this is not Tim May's key, his key is:
pub 1024/54E7483F 1992/11/20 Timothy C. May <tcmay at netcom.com> 11-20-92
Key fingerprint = 8C 79 1C 1B 6F 32 A1 D1 65 FB 5F 57 50 6D D3 28
And this one is signed by these people:
pub 1024/54E7483F 1992/11/20 Timothy C. May <tcmay at netcom.com> 11-20-92
sig 0022E52D Eric Hughes <hughes at soda.berkeley.edu>
sig DDBE0DD5 John T. Draper <crunch at netcom.com>
sig 8F898631 Scott Collins (512) <Scott_Collins at genmagic.com>
sig E972F011 E. Dean Tribble <tribble at xanadu.com>
sig 4C131F57 Tim Oren <oren at apple.com>
sig F5257117 <tomj at wps.com>
sig 85197FB5 John Gilmore <gnu at cygnus.com>
at level two in the web of trust are these people:
pub 512/F5257117 1992/09/28 <tomj at wps.com>
sig B1331439 Randy Bush <randy at psg.com>
Tom Jennings <tomj at fido.wps.com>
sig DA0EDC81 Phil Karn <karn at unix.ka9q.ampr.org>
sig F572C6A7 Jim Cannell <Jim.Cannell at f21.n216.z1.fidonet.org>
sig 0BD91A2D Phil Karn <karn at unix.ka9q.ampr.org>
sig F5257117 <tomj at wps.com>
Tom Jennings <tomj at fidosw.fidonet.org, 1:125/111>
sig ADF733A9 Jesse David Hollington <1:225/1.1 at fidonet.org>
sig 4D077463 Steve Matzura <steve.matzura at f203.n2603.z1.fidonet.org>
sig E7F23D95 Mike Laster <1:170/300.23 at fidonet>
sig DB910037 Barry Kapke <96:101/33 at dharma>
sig 5B77854F Depository #1 [Public Keys]
sig 08F811DD Marcos R. Della <mdella at polyslo.calpoly.edu>
sig 212EC54B Guy Martin 1:143/269 (guy.martin at f269.n143.z1.fidonet.org)
sig F572C6A7 Jim Cannell <Jim.Cannell at f21.n216.z1.fidonet.org>
sig BDFB1F2D George Gleason <gg at well.sf.ca.us>
sig DDBE0DD5 John T. Draper <crunch at netcom.com>
sig 8F898631 Scott Collins (512) <Scott_Collins at genmagic.com>
sig 0022E52D Eric Hughes <hughes at soda.berkeley.edu>
sig E972F011 E. Dean Tribble <tribble at xanadu.com>
sig 4C131F57 Tim Oren <oren at apple.com>
sig 85197FB5 John Gilmore <gnu at cygnus.com>
sig DA27EC35 Wes Perkhiser <wes.perkhiser at weise.omahug.org>
sig E7960501 Paul Schencke <1:135/340 at fidonet.org>
sig 9DB252DF Mike Riddle
sig 734B9A59 Christopher Baker <1:374/14 at fidonet.org>
sig B1B6B823 GK Pace @ 1:374/26 <gk.pace at f26.n374.z1.fidonet.o
pub 1024/85197FB5 1992/11/08 John Gilmore <gnu at cygnus.com>
sig 5ACB1C6D (Unknown signator, can't be checked)
sig 15100C27 (Unknown signator, can't be checked)
sig DA0EDC81 Phil Karn <karn at unix.ka9q.ampr.org>
sig 0BD91A2D Phil Karn <karn at unix.ka9q.ampr.org>
sig 9F9F38BB Mark Eichin <eichin at athena.mit.edu>
sig 5B415621 Mark Eichin <eichin at paycheck.cygnus.com>
sig 66CE89B7 Mark Eichin <eichin at cygnus.com>
sig 0022E52D Eric Hughes <hughes at soda.berkeley.edu>
sig BDFB1F2D George Gleason <gg at well.sf.ca.us>
sig DDBE0DD5 John T. Draper <crunch at netcom.com>
sig 8F898631 Scott Collins (512) <Scott_Collins at genmagic.com>
sig 0245C435 Dave Krieger <dkrieger at netcom.com>
sig 4C131F57 Tim Oren <oren at apple.com>
sig E972F011 E. Dean Tribble <tribble at xanadu.com>
sig F5257117 <tomj at wps.com>
sig 71946BDF Phil Karn <karn at qualcomm.com>
If you knew any of the level 1, or level 2 signatories personally and
had exchanged keys face to face, you'd have some assurance.
Also this level 3:
pub 1024/DA0EDC81 1994/07/25 Phil Karn <karn at unix.ka9q.ampr.org>
sig ED2354B9 Ulla Sandberg <ulla at stupi.se>
sig 9C57B951 Peter Lothberg <roll at stupi.se>
sig C7A966DD Philip R. Zimmermann <prz at acm.org>
PRZ, as your PGP distrbution is probably signed by this key, unless
you've inspected the source personally, you're relying on this key
anyway.
Level 4 would be a big web as lots of people fan out from PRZ.
More information about the cypherpunks-legacy
mailing list