Since you''ve started signing your email, Tom, my machine can''t verify your sig. Where are you publishing your key? -- John Andersen - NORCOM http://www.norcomsoftware.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Andersen wrote: | Since you''ve started signing your email, Tom, my machine can''t | verify your sig. Where are you publishing your key? See my .sig.... - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKP1mO/MAbZfjDLIRAhKSAJ435VOS37l5c81Mmig6cluYV6/mLACghIsE 0fFJZyxI4WzDDzPlQgxJVPY=ZFQQ -----END PGP SIGNATURE-----
On Sunday 22 August 2004 12:09 pm, Tom Eastep wrote:> John Andersen wrote: > | Since you''ve started signing your email, Tom, my machine can''t > | verify your sig. Where are you publishing your key? > > See my .sig.... > > -TomDoh!! /slaps-forehead Does your software support publishing to one of the public keyservers that many pgp implimentations can be configured to automatically query? Not that this is critical, it just saves a hit to your website (where i was greeted with an unknown/untrusted ssl certificate) and a manual import of the key. -- John Andersen - NORCOM http://www.norcomsoftware.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Andersen wrote: | On Sunday 22 August 2004 12:09 pm, Tom Eastep wrote: | |>John Andersen wrote: |>| Since you''ve started signing your email, Tom, my machine can''t |>| verify your sig. Where are you publishing your key? |> |>See my .sig.... |> |>-Tom | | | Doh!! /slaps-forehead One of my system''s hadn''t been updated to include the key in my signature. | | Does your software support publishing to one of | the public keyservers that many pgp implimentations | can be configured to automatically query? Yep, I did that -- don''t remember which server it was though :-( - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKQfwO/MAbZfjDLIRAj8KAJ9qInbm7XcRoXuo/YnNyfYpoY6j9gCfcv4p AjXHrdPpD8oP3Qxukhigdbg=3Uzu -----END PGP SIGNATURE-----
Tom Eastep wrote:> ... > > Yep, I did that -- don''t remember which server it was though :-(Well it hasn''t made it into the global keyserver network yet. Try uploading at pgp.dtype.org... -- Paul Gear, Manager IT Operations, Redlands College 38 Anson Road, Wellington Point 4160, Australia (Please send attachments in portable formats such as PDF, HTML, or OpenOffice.) -- The information contained in this message is copyright by Redlands College. Any use for direct sales or marketing purposes is expressly forbidden. This message does not represent the views of Redlands College.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Gear wrote: | Tom Eastep wrote: | |>... |> |>Yep, I did that -- don''t remember which server it was though :-( | | | Well it hasn''t made it into the global keyserver network yet. Try | uploading at pgp.dtype.org... | Done. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKfVwO/MAbZfjDLIRAqPkAJ0bdr7cuVsR39J+0pdedZGeWsKpxACfdQi6 7Wg8h0j3wUF6CWX0s1RQoNk=fUiC -----END PGP SIGNATURE-----
Tom Eastep wrote:> Paul Gear wrote: > | Tom Eastep wrote: > | > |>... > |> > |>Yep, I did that -- don''t remember which server it was though :-( > | > | > | Well it hasn''t made it into the global keyserver network yet. Try > | uploading at pgp.dtype.org... > | > > Done.Much better - thanks. -- Paul Gear, Manager IT Operations, Redlands College 38 Anson Road, Wellington Point 4160, Australia (Please send attachments in portable formats such as PDF, HTML, or OpenOffice.) -- The information contained in this message is copyright by Redlands College. Any use for direct sales or marketing purposes is expressly forbidden. This message does not represent the views of Redlands College.
On 24 Aug 2004 at 9:10, Paul Gear wrote:> > |>Yep, I did that -- don''t remember which server it was though :-( | > > | | Well it hasn''t made it into the global keyserver network yet. > > Try | uploading at pgp.dtype.org... | > > > > Done. > > Much better - thanks.Yup, works. Now we know for sure that the person claiming to be Tom is indeed the person claiming to be Tom. ;-) -- ______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386 ._______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John S. Andersen wrote: | | Yup, works. | Now we know for sure that the person claiming to | be Tom is indeed the person claiming to be Tom. ;-) | A comfort to all, I''m sure... - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBKoZJO/MAbZfjDLIRAgpCAJ44cmjjDn1UreziPzYPvLM0hNUukQCggyBq IJ26Vrgit1p+PBCTAE0OUzQ=nVRv -----END PGP SIGNATURE-----
On Tuesday 24 August 2004 02:03, John S. Andersen wrote:> Yup, works. > Now we know for sure that the person claiming to > be Tom is indeed the person claiming to be Tom. ;-)Probably my irony detector is not working correctly, so please bear with me, but: do we? Why would we? Anybody can upload his/her key to the server. Even I could upload a "Tom Eastap <teastep@gmx.net>" key. Granted, one would have to intrude the shorewall.net mailserver to get an @shorewall.net address, else people would probably not believe me, but "for sure" we do know nothing. I think Tom should get his key signed by some people and try to build a net of trust. Call someone you know that has a gpg key and let him sign yours and so on ... Alex
Alexander wrote on 24/08/2004 06:37:10:> On Tuesday 24 August 2004 02:03, John S. Andersen wrote: > > Yup, works. > > Now we know for sure that the person claiming to > > be Tom is indeed the person claiming to be Tom. ;-) > > > I think Tom should get his key signed by some people and try to build anet of> trust. Call someone you know that has a gpg key and let him sign yoursand so> on ... >I think Tom''s reply style is enough for me. Nobody could impersonate it :-) cheers, ________________________ Eduardo Ferreira Icatu Holding S.A. Supervisor de TI (5521) 3804-8606
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Gretencord wrote: | On Tuesday 24 August 2004 02:03, John S. Andersen wrote: | |>Yup, works. |>Now we know for sure that the person claiming to |>be Tom is indeed the person claiming to be Tom. ;-) | | | Probably my irony detector is not working correctly, so please bear with me, | but: do we? Why would we? Anybody can upload his/her key to the server. Even | I could upload a "Tom Eastap <teastep@gmx.net>" key. | | Granted, one would have to intrude the shorewall.net mailserver to get an | @shorewall.net address, else people would probably not believe me, but "for | sure" we do know nothing. | | I think Tom should get his key signed by some people and try to build a net of | trust. Call someone you know that has a gpg key and let him sign yours and so | on ... My key is also available on my secure server (see my signature below). Of course, I am my own CA (see http://lists.shorewall.net/Shorewall_CA_html.html) so that isn''t excatly foolproof either :-) - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBK0lAO/MAbZfjDLIRAvtLAJ98u3ZInOchpFrPn3LXJyk6qjqVUwCeOws8 mr4da64gkqgMHowL4HDSa+I=ZcPP -----END PGP SIGNATURE-----
On 24 Aug 2004 at 11:37, Alexander Gretencord wrote:> On Tuesday 24 August 2004 02:03, John S. Andersen wrote: > > Yup, works. > > Now we know for sure that the person claiming to > > be Tom is indeed the person claiming to be Tom. ;-) > > Probably my irony detector is not working correctly, so please bear > with me, but: do we? Why would we? Anybody can upload his/her keyto> the server. Even I could upload a "Tom Eastap <teastep@gmx.net>"key. That is exactly why I phrased it EXACTLY as I did.... and I included the whinking smilie just in case your humor detector was on vacation with your irony detector. ;-) ---side note: Its not quite a simple to fake things as you imply. (Tom''s sigs would Error Out if I queried a server that had your bogus key) but its fairly easy to create a new identity and start signing mail as that new (ficticious) identity. It would still be hard for anyone else to pretend to the the person you were pretending to be. -- ______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386 ._______________________________________ John S. Andersen NORCOM mailto:JAndersen@norcomsoftware.com Juneau, Alaska http://www.screenio.com/