-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregory Maxwell stated for the record:
On 5/8/07, Avi avi.wiki@gmail.com wrote: http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Inciden...
may not be a poor idea for some of us to either meet in person with our fingerprints, or at the very least perform encrypted challenge-responses with each other, to create a baseline for identification purposes.
I don't see how your encrypted challenge response isn't vulnerable to a MITM attack. ;)
I.e. I claim to be cyde and give you a key I control but which says 'cyde', then I go to cyde and give him a key claiming to be you.. then I proxy communication between you two. :)
The standard behavior for PGP web of trust is a verified identity exchange, i.e. person to person with a shown ID.
I've been signing messages to this list for some years now. Either I hacked this account a long time ago and have not yet made use of its privileges except to post the occasional snide remark, or I'm the same person who was appointed to the ArbComm.
If anyone wants to drop by to see me, and swap keys, just ask. But paranoia is not sufficient reason to get me to traveling more than a few li.
- --
Sean Barrett     | What if the hokey pokey is
sean@epoptic.com | really what it's all about?
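
Added example, not part of the original message or of anything the participants posted: a small Python model of the point discussed above, that an encrypted challenge-response only proves the other side holds the private key for whatever key was handed over, while a fingerprint compared in person exposes a substituted key. The keys are constructed textbook RSA built from fixed primes (not secure), and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed keys

def keypair(p, q):
    """Textbook RSA from two fixed Mersenne primes (illustration only, not secure)."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))

def fingerprint(pub):
    """Hash of the public key material: the value two people compare out of band."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:40]

def challenge_response(pub, holder_priv):
    """Encrypt a random nonce to `pub`; the key holder decrypts and returns it."""
    n, e = pub
    nonce = secrets.randbelow(n - 2) + 2
    ciphertext = pow(nonce, e, n)
    return pow(ciphertext, holder_priv, n) == nonce

def accept_key(label, pub, cr_ok, fp_in_person=None):
    """Decision with challenge-response alone vs. with an in-person fingerprint."""
    if not cr_ok:
        return "reject: holder cannot decrypt"
    if fp_in_person is None:
        return f"unverified: someone holds the key labelled {label!r}"
    if fingerprint(pub) != fp_in_person:
        return "reject: fingerprint mismatch, key was substituted"
    return f"verified: key belongs to {label!r}"

# Constructed keys: the real 'cyde' key and a substituted key that also says 'cyde'.
cyde_pub, cyde_priv = keypair(2**89 - 1, 2**107 - 1)
sub_pub, sub_priv = keypair(2**61 - 1, 2**127 - 1)

def demo():
    cr_sub = challenge_response(sub_pub, sub_priv)  # succeeds against the wrong key
    cr_real = challenge_response(cyde_pub, cyde_priv)
    in_person = fingerprint(cyde_pub)  # read out by cyde face to face
    return (
        accept_key("cyde", sub_pub, cr_sub),
        accept_key("cyde", sub_pub, cr_sub, fp_in_person=in_person),
        accept_key("cyde", cyde_pub, cr_real, fp_in_person=in_person),
    )

if __name__ == "__main__":
    for line in demo():
        print(line)
```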