Information Security News mailing list archives
Re: Microsoft bulletins fail PGP verification
From: InfoSec News <isn () c4i org>
Date: Mon, 6 Aug 2001 03:14:16 -0500 (CDT)
Forwarded by: "Jay D. Dyson" <jdyson () treachery net> -----BEGIN PGP SIGNED MESSAGE----- On Wed, 1 Aug 2001, InfoSec News wrote:
Microsoft security bulletins often fail a popular e-mail authentication system. But the company insisted that its method for distributing security information is sound.
This is not the fault of Microsoft, but the end user. NAI PGP will always regard any key that hasn't been signed by the end user as "invalid." This doesn't mean the key isn't good; just that the user hasn't bothered to manually inspect it and sign it, thus leaving the key designation as "Untrusted" (and rightly so). Even MIT PGP will complain when it checks a PGP-signed file with a key that hasn't been signed by a trusted user. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee."-. >====<--. C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) | = |-' `--' `--' `- Black as hell, sweet as love, swift as death. -' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO2gwh7lDRyqRQ2a9AQFGPgQAomRQyT71PQRpurAp5Jtowy8QXWomLPz5 xjOfVFB7EAIM1SdDJurT07wdgC4QFYrdeVR0lXiW6YmyUaYTxgNxgTQkUXcPFBvv KCCNOBQx9LzHqY3rTU2i9VMOz/RACFz4ZX1g91iBug4I8TKF94yKOVFCnL02waS7 UiqjUL3D2aE= =PI5x -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Microsoft bulletins fail PGP verification InfoSec News (Aug 01)
- <Possible follow-ups>
- Re: Microsoft bulletins fail PGP verification InfoSec News (Aug 06)