Re: [ISN] Microsoft bulletins fail PGP verification

From: InfoSec News (isnat_private)
Date: Mon Aug 06 2001 - 01:14:16 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - August 03, 2001"

    Forwarded by: "Jay D. Dyson" <jdysonat_private>
    On Wed, 1 Aug 2001, InfoSec News wrote: 
    > Microsoft security bulletins often fail a popular e-mail authentication
    > system. But the company insisted that its method for distributing
    > security information is sound. 
    	This is not the fault of Microsoft, but the end user.  NAI PGP
    will always regard any key that hasn't been signed by the end user as
    "invalid."  This doesn't mean the key isn't good; just that the user
    hasn't bothered to manually inspect it and sign it, thus leaving the key
    designation as "Untrusted" (and rightly so).  Even MIT PGP will complain
    when it checks a PGP-signed file with a key that hasn't been signed by a
    trusted user.
    - -Jay
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `- Black as hell, sweet as love, swift as death. -'  `------'
    Version: 2.6.2
    Comment: See for current keys.
    -----END PGP SIGNATURE-----
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 03:01:45 PDT