Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)

Adam Shostack adam at lighthouse.homeport.org
Tue Jan 30 10:13:17 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

Expire your keys annually.  You know about key lifetimes & expiry, and
in fact talk about them at length in your 'Experiences' paper.  So I
assert that this is a straw man.  The included key has an expiration
date on it.


Nathaniel Borenstein wrote:

| Right, absolutely.  But let's face it, by now you believe it's me
| anyway, or the real nsb at nsb.fv.com would have spoken up and argued with
| me.  On the other hand,  if I start routinely PGP-signing email, then
| the value of slowly brute-force cracking my private key goes way up.  If
| FV is successful, for example, you could spend a few years breaking my
| key, and then forge apparently-slanderous signed mail from me to you as
| part of a lawsuit.  This would be far more believable, in a court of
| law, if I routinely signed everything than if I didn't.  

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCKAzBjLm4AAAED53EETCG11u/jmMQmWvp1wRU10XUOtXjC/3zVGS23G3bv0o7F
JqdYDWJBp1Rzjb5p6t8KXTPVwx1ZXG8AvJcNFyZiYUznDiHDCT9JScQG5NL++C3r
x6n2YaQLooQgsw5l9aWEJ9Qi3UnQOVA2ZkaYs9RQdJsH8N5XP6PQNGpRAAURtC5B
ZGFtIFNob3N0YWNrIDxhZGFtQGhvbWVwb3J0Lm9yZz4gW0V4cCBBdWcgOTZdiQCV
AwUQMGMuqAWt5TRah1f5AQGjiwP9H3VhNDLNvNkll2Db7ccQlppbFgFjxj5/MTBj
jFD7+FRZcSG4kpbkLYz4gPwY/upf+9N8dp+lEKXNtYLFVfSCkPSMAQhRK1PA4aqv
YlTerDwWQxt4Zyv8H30GO2zm0TkCMWMS6ZZN9U/jk0t7VTYOFvW7sQeiKV4BDScd
7eU62XM=
=Z34o
- -----END PGP PUBLIC KEY BLOCK-----


- -- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCSAwUBMQ4+ZN5XP6PQNGpRAQE4IQPmLiLyT7/7VAw6Z5ajqDlJCiMwubUQTtc+
pCo3RPZjJ8IakLvgXF06LJoIK7ObYbgfRED90v/LNlZivE1CpHQb9QRobNYqIBgU
ZQBw4NkqCAS9kH4K+LrK1ce4sPF8gLBwZBSS+PJXS+BBW6Tp2kDF534Ro6x+hMOV
k1Xuc7s=
=GlZS
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list