signing keys

markus_kampkoetter markus_kampkoetter@t-online.de
Wed Jan 30 17:50:01 2002


Ingo Klöcker wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Markus, I guess your message should have gone to the GnuPG mailing list.

hi ingo, excuse me, you're right! i just answered to the mail and did not take 
care of the address (another mailing list i am on works correctly this way).
>
> On Tuesday 29 January 2002 12:39, markus_kampkoetter wrote:
> > Ingo Klöcker wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > On Monday 28 January 2002 19:08, Davide Cavallari wrote:
> > > > You know, I'm just new to openPGP. If I want a friend of mine to
> > > > securely sign my public key I think she should call me over
> > > > the phone as it is explained in the original Zimmermann's
> > > > manual. She cannot completely trust the information gained from
> > > > my 'X-PGP' headers, since in this case there is no 'history' at
> > > > all.
> > >
> > > Even better would be if you personally gave her a printout of your
> > > key's fingerprint. Only if she knows your voice very well and if a
> > > personal exchange of fingerprints is not possible you should use
> > > the phone-call-method.
> > >
> > > Regards,
> > > Ingo
> >
> > hi to all! (and sorry i do not use gpg at the moment)
> > in the above case you should not use any wireless phone.
>
> Why? No confidential information is exchanged over the phone. The only 
> piece of information which is exchanged is the key's fingerprint (which 
> is not secret but public because it's the fingerprint of the public 
> key).

i think i got the point: the conspiracy is not about the information itself but 
the consistency between id and the person who is behind it (that's why an id is 
an id is an id, i should have guessed that on my own ;-) 
>
> > to be true, this discussion seems to be very theoretical (but
> > still interesting). i am new to the theme but have there been
> > `exploits´ in a way that somebody created `evil´ keys?
>
> Yes. There were already some keys created by unknowns with the identity 
> of other people. IIRC there is a fake key with Phil Zimmermann's name 
> on it.
>
> > if a strong/powerful/rich
> > person/state/organization would really like to know what _you_ are
> > doing on your computer they easily can scan your monitor.
>
> ...and put a key logger in your keyboard. BTW, AFAIK it's not possible 
> to 'scan' a LCD display because they emit far too low radiation (if at 
> all).

that's true, and lcd displays are less harmful to your eyes (but still too 
expensive at the moment)

thanx
markus (c:

> Regards,
> Ingo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8VzVKGnR+RTDgudgRAt2fAJwLPS/NUURVblGpNg3nnEhVuWi+hACfYwpp
> taMizyTkuSKEqP1oab6LbYo=
> =fSYR
> -----END PGP SIGNATURE-----

markus kampkoetter
praxis fuer chinesische medizin
soester str. 42
48155 muenster
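
The fingerprint check discussed in this thread, as an added example (not code from any of the posters or from GnuPG): an OpenPGP version 4 fingerprint is a SHA-1 hash over the public-key packet only, so it can be handed over on paper or read aloud, and a key that merely carries someone else's name yields a different fingerprint. The key numbers, timestamp and helper names below are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm ID 1).
    Note that no user ID (name, e-mail) is part of it."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """V4 fingerprint: SHA-1 over 0x99, a 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def display(fpr: str) -> str:
    """Group as printed on paper or read aloud: ten blocks of four hex digits."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))

def matches(computed: str, received: str) -> bool:
    """Compare the full fingerprint, ignoring spacing, colons and letter case.
    Anything shorter than 40 hex digits (e.g. a short key ID) is rejected."""
    cleaned = "".join(ch for ch in received if ch.isalnum()).upper()
    return len(cleaned) == 40 and cleaned == computed

# Constructed sample data: two toy "keys" (small numbers, not real RSA moduli).
CREATED = 1012409401  # constructed timestamp
GENUINE = v4_public_key_body(CREATED, 0xC0FFEE1234567891, 65537)
IMPOSTOR = v4_public_key_body(CREATED, 0xC0FFEE1234567893, 65537)  # same claimed name, other key

if __name__ == "__main__":
    printout = display(v4_fingerprint(GENUINE)).lower()  # what the key owner hands over
    print("printout :", printout)
    print("genuine  :", matches(v4_fingerprint(GENUINE), printout))
    print("impostor :", matches(v4_fingerprint(IMPOSTOR), printout))
```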