[KLUG Members] Re: GPG/PGP

bill bill at billtron.com
Tue Jun 22 17:35:26 EDT 2004


On Tue, 2004-06-22 at 17:27, Phillip Hofmeister wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, 22 Jun 2004 at 04:57:14PM -0400, bill wrote:
> > It appears you sent me your public key and fingerprint below (which
> > match), so simply confirming that should be good.  
> 
> NO!
> 
> Email is an untrusted medium.  Someone could have swapped keys while the
> email was in transit (unlikely though it is...) and regenerated the
> fingerprint to match the one they swapped.

Hold on babalooie, I just meant he could confirm it when I talked with
him.  A nefarious interloper would have had to intercept and change both
e-mails.  You're also assuming I had not initiated confirmation via
other channels.  In any case, he can hand me the precious fingerprint
tonight, written in disappearing ink, by the light of the moon, in the
back of a KLUG meeting, while no one around is watching.  

Which reminds me, who is this other persona shadowing Peter to the
meetings?  I've never heard this person say anything, doesn't even seem
to speak English.  And only appears when Peter's around.  Extremely
small size, must be using nano-technology, which means it must be
government.

kr, 

bh


