Apple's Security Update Message Fails PGP Authentication
Vinnie Moscaritolo
vinnie at vmeng.com
Sun Aug 4 09:14:53 PDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
yes, I did sign their key, Apple generated a new key and didn't
sign it with the old one
or have anyone continue it's trust path.. It would be a good thing if
someone else signed it and
sent notice to Product Security <product-security at apple.com>, you can
contact them there and
ask them to verify the fingerprint or use their website..
either way, isn't it funny that they use a PGP key to verify their
security updates and yet
with all the CDSA code they have on X, none of it supports the PGP
key infrastucture.
actually I am not sure what the Security framework is used for, I
suspect encrypting
passwords on keychain and now System update.. but not ssh/scp or
mail.app.
too bad.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.5
iQA/AwUBPU1S89ixAAkLPvBCEQKibgCg9DmZJt4cNsQtgXLHEtvnJT2ZW3YAoNFO
sFVWo7a5peL7W8//5HSXRVAG
=86oB
-----END PGP SIGNATURE-----
At 10:05 AM -0400 8/3/02, R. A. Hettinga wrote:
>--- begin forwarded text
>
>
>Status: RO
>Delivered-To: mac_crypto at vmeng.com
>To: mac_crypto at vmeng.com
>From: Fearghas McKay <fm at st-kilda.org>
>Subject: [Mac_crypto] "Security Update 2002-08-02 for OpenSSL, Sun RPC,
>mod_ssl" does
> not verify
>Sender: mac_crypto-admin at vmeng.com
>Date: Sat, 3 Aug 2002 08:38:50 +0100
>
>**A verification of this security announcement mail fails**
>
>The key is signed by Vinnie Moscaritolo - vinnie at vmeng.com which is a good
>thing even if Vinnie is no longer at Apple ( which is a bad thing ), it is
>also signed by someone who does not appear on any of the public keyservers
>that I can find which is a bit disappointing.
>
>Verified version is at the bottom.
>
> f
>
>--- begin forwarded text
>
--
Vinnie Moscaritolo ITCB-IMSH
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
-------------------------------------------------------
More information about the cypherpunks-legacy
mailing list