Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Thu Jul 30 12:23:20 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 30 July 2015 at 9:27:37 AM, in
<mid:55B9DFF9.6080507 at gmail.com>, Viktor Dick wrote:


> On 2015-07-30 10:17, Ingo Klöcker wrote:
>> I'm sorry to tell you that you have fallen into the trap. There is only one
>> genuine pgpCA at ct.heise.de key the fingerprint of which is printed in each
>> issue of the c't magazine. The other one is a fake. And the fact that the fake
>> key with the author's email address is signed by different keys only means
>> that a lot of people have signed this fake key without following the proper
>> procedure of key validation (or that the trolls created even more fake keys to
>> sign the author's fake key to make it look more credible).

> Not according to
> http://www.heise.de/security/dienste/PGP-Schluessel-der-c-t-CA-473386.html
> where three different keys are listed (two DSS and one
> RSA).


I concur that the keys 38EA4970 and E1374764 both look likely to be
genuine. One has signatures from B3B2A12C, the other from DAFFB000.
The link above lists as "ct magazine CERTIFICATE <pgpCA at ct.heise.de>"
keys B3B2A12C and DAFFB000, as well as a third key BB1D9F6D.


As for the other non-revoked keys I found by searching for "schmidt
juergen heise de":-

        all four are signed by a "ct magazine CERTIFICATE
        <pgpCA at ct.heise.de>" key F6ADD6C2 that is not listed on the
        magazine's page.

        all four are also signed by a "ct magazine CERTIFICATE <ct
        magazine CERTIFICATE>" key FB4DFDC6.

        one of the four has a UID claiming itself to be another "ct
        magazine CERTIFICATE <pgpCA at ct.heise.de>" as well as being
        Juergen Schmidt's key.

Also all four have the same creation date.

I guess anybody being fooled didn't look at the page linked above, or
they would have used key 2C26A309 "ct magazine pgpCA CommunicationKey
2015 <pgpCA at ct.heise.de>" when contacting the magazine. (-;



- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

This message represents the official view of the voices in my head.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVufsoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwC2oIALQTnp8zRuDfNM/crs07szAG
lrmNBhB63fSnr2CfHbpSUHXjoVIgn6sKRGz7oUEyhvmTUDPc4QS+aa7khV5jE094
kQn4nh7oWSNDfTEMSZJjA1DQlrN9QMO0A1Pq77Y1LoRCnaMSBtMgifOqp1vX6nfE
ejhqpwMiLF4Db7fdn4gTBK1o3FGXKP55kC5i2QMnwF9KiXz0gtkgdQ+7pgM4MdRT
ow9pynZHoEy9sfIKRkF5g5uk1ch5O2mFFvFeCfTph1d6MK06phQaT9v0VQgOz8ms
0BtsUApmUShYO+BPKVlKVFDsfnMPGrcsOqjxcCz+Ikv2GOOdgdnEl1Rbs2+N0ICI
vgQBFgoAZgUCVbn7Ll8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MHfAQDVto8gZk48618e2MxXA8ZITDH4
bTaPakeawetZLjew+QD/QZSjuDd/l7s76NXGhrj14fXb9Z9B+/ibDuPelWfSnws=
=cN7q
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list