Re: Microsoft bulletins fail PGP verification

[InfoSec News <isn () c4i org>]

Forwarded by: "Jay D. Dyson" <jdyson () treachery net>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 1 Aug 2001, InfoSec News wrote: 

> Microsoft security bulletins often fail a popular e-mail authentication
> system. But the company insisted that its method for distributing
> security information is sound. 

        This is not the fault of Microsoft, but the end user.  NAI PGP
will always regard any key that hasn't been signed by the end user as
"invalid."  This doesn't mean the key isn't good; just that the user
hasn't bothered to manually inspect it and sign it, thus leaving the key
designation as "Untrusted" (and rightly so).  Even MIT PGP will complain
when it checks a PGP-signed file with a key that hasn't been signed by a
trusted user.

- -Jay

  (    (                                                         _______
  ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
 `--' `--'  `- Black as hell, sweet as love, swift as death. -'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO2gwh7lDRyqRQ2a9AQFGPgQAomRQyT71PQRpurAp5Jtowy8QXWomLPz5
xjOfVFB7EAIM1SdDJurT07wdgC4QFYrdeVR0lXiW6YmyUaYTxgNxgTQkUXcPFBvv
KCCNOBQx9LzHqY3rTU2i9VMOz/RACFz4ZX1g91iBug4I8TKF94yKOVFCnL02waS7
UiqjUL3D2aE=
=PI5x
-----END PGP SIGNATURE-----



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.