Wed Jan 30 17:50:01 2002
Ingo Klöcker schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Markus, I guess your message should have gone to the GnuPG mailing list.
hi ingo, excuse me, your right! i just answered to the mail and did not take
care of the address (another mailist i am on works correctly this way).
> On Tuesday 29 January 2002 12:39, markus_kampkoetter wrote:
> > Ingo Klöcker schrieb:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > On Monday 28 January 2002 19:08, Davide Cavallari wrote:
> > > > You know, I'm just new to openPGP. If I want a friend of mine to
> > > > securely sign my public key I think she should call me over
> > > > the phone as it is explained in the original Zimmermann's
> > > > manual. She cannot completely trust the information gained from
> > > > my 'X-PGP' headers, since in this case there is no 'history' at
> > > > all.
> > >
> > > Even better would be if you personally gave her a printout of your
> > > key's fingerprint. Only if she knows your voice very well and if a
> > > personal exchange of fingerprints is not possible you should use
> > > the phone-call-method.
> > >
> > > Regards,
> > > Ingo
> > hi to all! (and sorry i do not use gpg at the moment)
> > in the above case you should not use any wireless phone.
> Why? No confidential information it exchanged over the phone. The only
> piece of information which is exchanged is the key's fingerprint (which
> is not secret but public because it's the fingerprint of the public
i think i got the point: the conspiracy is not about the information itself but
the consistence between id and the person who is behind it (thats why an id is
an id is an id, i should have guessed that on my own ;-)
> > to be true, this discussion seemes to be very theoretically (but
> > still interesting). i am new to the theme but have there been
> > `exploits´ in a way that somebody created `evil´ keys?
> Yes. There were already some keys created by unknowns with the identity
> of other people. IIRC there is a fake key with Phil Zimmermann's name
> on it.
> > if a strong/powerfull/rich
> > person/state/organization would really like to know what _you_ are
> > doing on your computer they easily can scan your monitor.
> ...and put a key logger in your keyboard. BTW, AFAIK it's not possible
> to 'scan' a LCD display because they emit far too low radiation (if at
thats true, and lcd displays are less harmfull to your eyes (but still too
expensive at the moment)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> -----END PGP SIGNATURE-----
praxis fuer chinesische medizin
soester str. 42