James Dalton Bell PK 1994-03-01

grarpamp grarpamp at gmail.com
Sun Sep 24 12:55:49 PDT 2017


On Sun, Sep 24, 2017 at 12:46 PM, jim bell <jdb10987 at yahoo.com> wrote:
> I think what I'm going to do, in part, is to generate a video of me reciting
> my public key, and place the video on YouTube.

That works well since many recipients know the senders IRL,
or have at least made their own estimated and acceptable
trust analysis as to such.

> While such a thing could conceivably be faked, it should be good enough for
> a few weeks.

A few notes...

People should recite the full 40 character key fingerprint.
This is because 16 hexchars is only 64 bits (and 8 is 32 bits),
and short-key-id collision attacks happen (search something like
pgp fingerprint collision), and all other recited fields of such a key
are cloneable by the attacker into the attackers key.

Those creating their first keys should consider giving them
expiry dates. Simply to avoid confusion if early keys are later
compromised in learning or other environments, or they
roll out new keys with new options, management, and usage
models as a result of such learning. And no one can keep
a key both secure and usable forever.

Create and keep a revocation certificate. Though one
can assert a compromise and new key in a public signing
statement, they are still handy to have, especially for those
that can't stand on a soapbox IRL to make such statement
(ie: a video).

Gnupg 2.2.1 (and probably downstream gpg4win) now puts
those revocation certs in handy printable text files by default
upon key creation.

https://gnupg.org/

> I was unable to read/import the above Public Key Block.  Perhaps the last
> couple of lines were mangled.

The old FA8754305BA01D9D key as posted by JYA imports ok as received.

The keyservers take care to only carry keys that pass various
lint checks and thus can always be imported from there.
And they present them cleanly via HKPS or simple plaintext
via the web for easy cut / paste.

You could probably find some more keys by searching
for name or email here...

https://gpg.nebrwesleyan.edu/pks/lookup?search=jim+bell&fingerprint=on&hash=on&op=vindex
https://gpg.nebrwesleyan.edu/pks/lookup?search=james+bell&fingerprint=on&hash=on&op=vindex
https://gpg.nebrwesleyan.edu/



More information about the cypherpunks mailing list