No Subject

Anonymous nobody at flame.alias.net
Wed Oct 11 07:51:18 PDT 1995 


> Two years ago, I pointed out that getting a single message past
> the man in the middle isn't good enough; you have to convince your
> readers that the key they received on one channel is more accurate
> than the key they're receiving on all the other channels.
> But if they'll believe that, they may also believe the man in the middle's
> announcement that the key in your name on all the keyservers is
> wrong, and the correct key is the one he's putting out.
> Can't win either way, but it's still important to get the key out.
> 
> My current key is 0x54696D4D; the fingerprint is 
> 4D 65 44 75 53 61 21 2F   41 73 55 64 85 6D 21 7F.

but this is not Tim May's key, his key is:

pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay at netcom.com> 11-20-92
          Key fingerprint =  8C 79 1C 1B 6F 32 A1 D1  65 FB 5F 57 50 6D D3 28 


And this one is signed by these people:

pub  1024/54E7483F 1992/11/20 Timothy C. May <tcmay at netcom.com> 11-20-92
sig       0022E52D             Eric Hughes <hughes at soda.berkeley.edu>
sig       DDBE0DD5             John T. Draper <crunch at netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins at genmagic.com>
sig       E972F011             E. Dean Tribble <tribble at xanadu.com>
sig       4C131F57             Tim Oren <oren at apple.com>
sig       F5257117             <tomj at wps.com>
sig       85197FB5             John Gilmore <gnu at cygnus.com>


at level two in the web of trust are these people:

pub   512/F5257117 1992/09/28 <tomj at wps.com>
sig       B1331439             Randy Bush <randy at psg.com>
                              Tom Jennings <tomj at fido.wps.com>
sig       DA0EDC81             Phil Karn <karn at unix.ka9q.ampr.org>
sig       F572C6A7             Jim Cannell <Jim.Cannell at f21.n216.z1.fidonet.org>
sig       0BD91A2D             Phil Karn <karn at unix.ka9q.ampr.org>
sig       F5257117             <tomj at wps.com>
                              Tom Jennings <tomj at fidosw.fidonet.org, 1:125/111>
sig       ADF733A9             Jesse David Hollington <1:225/1.1 at fidonet.org>
sig       4D077463             Steve Matzura <steve.matzura at f203.n2603.z1.fidonet.org>
sig       E7F23D95             Mike Laster <1:170/300.23 at fidonet>
sig       DB910037             Barry Kapke <96:101/33 at dharma>
sig       5B77854F             Depository #1 [Public Keys]
sig       08F811DD             Marcos R. Della <mdella at polyslo.calpoly.edu>
sig       212EC54B             Guy Martin 1:143/269 (guy.martin at f269.n143.z1.fidonet.org)
sig       F572C6A7             Jim Cannell <Jim.Cannell at f21.n216.z1.fidonet.org>
sig       BDFB1F2D             George Gleason <gg at well.sf.ca.us>
sig       DDBE0DD5             John T. Draper <crunch at netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins at genmagic.com>
sig       0022E52D             Eric Hughes <hughes at soda.berkeley.edu>
sig       E972F011             E. Dean Tribble <tribble at xanadu.com>
sig       4C131F57             Tim Oren <oren at apple.com>
sig       85197FB5             John Gilmore <gnu at cygnus.com>
sig       DA27EC35             Wes Perkhiser <wes.perkhiser at weise.omahug.org>
sig       E7960501             Paul Schencke <1:135/340 at fidonet.org>
sig       9DB252DF             Mike Riddle
sig       734B9A59             Christopher Baker <1:374/14 at fidonet.org>
sig       B1B6B823             GK Pace @ 1:374/26 <gk.pace at f26.n374.z1.fidonet.o

pub  1024/85197FB5 1992/11/08 John Gilmore <gnu at cygnus.com>
sig       5ACB1C6D             (Unknown signator, can't be checked)
sig       15100C27             (Unknown signator, can't be checked)
sig       DA0EDC81             Phil Karn <karn at unix.ka9q.ampr.org>
sig       0BD91A2D             Phil Karn <karn at unix.ka9q.ampr.org>
sig       9F9F38BB             Mark Eichin <eichin at athena.mit.edu>
sig       5B415621             Mark Eichin <eichin at paycheck.cygnus.com>
sig       66CE89B7             Mark Eichin <eichin at cygnus.com>
sig       0022E52D             Eric Hughes <hughes at soda.berkeley.edu>
sig       BDFB1F2D             George Gleason <gg at well.sf.ca.us>
sig       DDBE0DD5             John T. Draper <crunch at netcom.com>
sig       8F898631             Scott Collins (512) <Scott_Collins at genmagic.com>
sig       0245C435             Dave Krieger <dkrieger at netcom.com>
sig       4C131F57             Tim Oren <oren at apple.com>
sig       E972F011             E. Dean Tribble <tribble at xanadu.com>
sig       F5257117             <tomj at wps.com>
sig       71946BDF             Phil Karn <karn at qualcomm.com>


If you knew any of the level 1, or level 2 signatories personally and
had exchanged keys face to face, you'd have some assurance.


Also this level 3:

pub  1024/DA0EDC81 1994/07/25 Phil Karn <karn at unix.ka9q.ampr.org>
sig       ED2354B9             Ulla Sandberg <ulla at stupi.se>
sig       9C57B951             Peter Lothberg <roll at stupi.se>
sig       C7A966DD             Philip R. Zimmermann <prz at acm.org>

PRZ, as your PGP distrbution is probably signed by this key, unless
you've inspected the source personally, you're relying on this key
anyway.


Level 4 would be a big web as lots of people fan out from PRZ.

More information about the cypherpunks-legacy mailing list