Including public key

MFPA expires2011 at ymail.com
Sat Jul 30 19:52:01 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 30 July 2011 at 3:22:12 AM, in
<mid:4E336AD4.6020004 at freenet.edmonton.ab.ca>, Jay Litwyn wrote:

>>> although it would be tricky to fake photo-id
>>> production on skype. Photo-id doesn't make very good
>>> single frames, but change the angle on television and
>>> those chrome things flicker and move...

> MFPA wrote:
>> OK, use a TV projector and point your webcam at the
>> screen.

> I do not hav a webcam, and I do not know why you want
> me to create feedback.

I thought you mentioned using skype for photo-id production and
commented about television pictures flickering and moving, depending
on angle. My response was to suggest a way the television picture
could be used that had no such limitation. Pointing the webcam at a
projected TV image instead of at the person using the computer
wouldn't create feedback, as far as I know.



>> "Mallory" could make recordings of your voice and use
>> them to create such a file and sign it with their fake
>> key.

> Not if she wants any coherence in the tune; not that
> there is a lot, mind you: It was straight a-cappella.

When I played the file, I was checking what you said rather than how
you said it, unaware there would be a tune to listen for. I'm sure
somebody with a little skill in audio editing, and a better ear for
pitch than I have, could adjust the speed and pitch of each sound to
produce a passable end result.



> All you can ever do is make a man in the middle attack
> harder.

Fair enough.



>  Live conversation makes it harder.

Do you mean just real-life face-to-face, or do you include telephones
and/or videoconferencing?



> The picture of a thumb in PGP bugs me.

Yes, giving up finger/thumbprints is linked in my mind to
interrogation and incarceration, not to privacy.



> PGP also
> features a list of words, instead of hexadecimal. It
> calls *that* a biometric print; not unless you voice it
> somewhere, and it won't work with GPG, which would need
> the same dictionary.

The word list is there as an additional option to use in PGP, which
also uses hexadecimal (or did when I used PGP 8.x). I fail to see how
the word "biometric" applies, except as an extension of the metaphor
about key digests being fingerprints. The word list is an alternative
way of expressing the same information, and the word "biometric" is
(loosely) an alternative word for "fingerprint."

The word-list might present issues for non-English-speakers, as
discussed a decade ago in the thread at
http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/017007.html



> My
> library also had a reverse directory for Edmonton.

Reverse directory information is available here only for law
enforcement purposes (which is interpreted far too loosely).



> They required my social security number. Nobody is
> perfect. I am nobody. Therefore, I am perfect. Why
> would anyone go to such lengths to impersonate me
> electronically?

No idea, but anybody asking for my national insurance number would be
told to take a hike, unless they needed it to process payroll
deductions, pensions, or benefits. They have no other legitimate use
for it.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

The truth is rarely pure and never simple
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJONETPnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pZhQD/0PI
fVXGWHezqfMNbML6ympxZGb5s70gjxyVoHZcSeQxyYe+nZ3auQTQ7tnVtrKktVP+
mnj/rqPwQjWz7D3e1hPdlnRE38WfCXhuQP3B6Pj5J9euU17cPkFUZK2uQEvkNY4p
YhdC3ie4lZCIyoajdrXDpi52N2MyJK656FxK9+Mc
=48n6
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list