-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gregory Maxwell stated for the record:
On 5/8/07, Avi <avi.wiki(a)gmail.com> wrote:
http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incide…
may not be a poor idea for some of us to either meet in person with our
fingerprints, or at the very least perform encrypted challenge-responses
with each other, to create a baseline for identification purposes.
I don't see how your encrypted challenge response isn't vulnerable to
a MITM attack. ;)
I.e. I claim to be cyde and give you a key I control but which says
'cyde', then I go to cyde and give him a key claiming to be you..
then I proxy communication between you two. :)
The standard behavior for PGP web of trust is a verified identity
exchange, i.e. person to person with a shown ID.
I've been signing messages to this list for some years now. Either I
hacked this account a long time ago and have not yet made use of its
privileges except to post the occasional snide remark, or I'm the same
person who was appointed to the ArbComm.
If anyone wants to drop by to see me, and swap keys, just ask. But
paranoia is not sufficient reason to get me to traveling more than a few li.
- --
Sean Barrett | What if the hokey pokey is
sean(a)epoptic.com | really what it's all about?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGQLEi/SVOiq2uhHMRAtPjAKCir6gsuwg/51u/giz416E1wFbenwCfUnnw
zZah+eZEYqvKvTUNGD2Ckzw=
=xoWo
-----END PGP SIGNATURE-----
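
The objection raised in the quoted reply, as an added example that is not part of the original message: a challenge-response proves that the other end holds the private key for whatever public key you were handed, not that the key belongs to the person named on it, while a fingerprint compared in person catches the substitution. The toy Diffie-Hellman group, the function names and the sample keys are assumptions constructed for illustration and are not secure parameters.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1
# with base 3. Far too small and unvetted for real use.
P = 2**127 - 1
G = 3

def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Hash of the public key: the value two people compare in person."""
    return hashlib.sha256(str(pub).encode()).hexdigest()

def make_challenge(claimed_pub):
    """Verifier side: return (challenge to send, expected response)."""
    r = secrets.randbelow(P - 3) + 2
    expected = hashlib.sha256(str(pow(claimed_pub, r, P)).encode()).hexdigest()
    return pow(G, r, P), expected

def respond(priv, challenge):
    """Prover side: only the holder of priv can compute this value."""
    return hashlib.sha256(str(pow(challenge, priv, P)).encode()).hexdigest()

def demo():
    cyde_priv, cyde_pub = keygen()      # the real correspondent (constructed)
    proxy_priv, proxy_pub = keygen()    # key generated by the party in the middle
    # Key that arrived over the network labelled 'cyde', but made by the proxy.
    received_pub = proxy_pub
    challenge, expected = make_challenge(received_pub)
    # The proxy answers correctly: the check shows key possession, not identity.
    cr_passes = secrets.compare_digest(respond(proxy_priv, challenge), expected)
    # Fingerprint the real cyde reads out face to face (out of band).
    in_person_fp = fingerprint(cyde_pub)
    substitution_detected = fingerprint(received_pub) != in_person_fp
    genuine_accepted = fingerprint(cyde_pub) == in_person_fp
    return cr_passes, substitution_detected, genuine_accepted

if __name__ == "__main__":
    print(demo())
```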