At 11:57 AM 8/27/00 -0700, Bill Stewart wrote:
...
The real question is whether somebody will hack the keyservers
to eat ADK keys before or after somebody downloads all the DH keys,
adds ADK keys to them, updates the servers, and threatens to publish
...
It looks like NAI is treating this
How hard would it be to filter the public key servers for unsigned
ADKs and either notify the keyowner or just remove the unsigned ADKs?
The cert containing the unsigned ADK could be moved to a separate key
server, equipped with suitable warnings, so the forensic record would
be preserved.
Anrold Reinhold wrote:
How hard would it be to filter the public key servers for unsigned
ADKs and either notify the keyowner or just remove the unsigned ADKs?
It might be possible to filter the unsigned ADKs from key servers,
however, it is not clear if the bug discovered is all there is to
CTED]
Sent: Saturday, August 26, 2000 9:26 PM
Subject: PGP ADK Bug Fix
Cryptome offers the ADK bug-fixed PGP Freeware 6.5.8:
http://jya.com/pgpfree/PGPFW658Win32.zip (7.8MB)
http://jya.com/pgpfree/PGPFW658Mac_sit.bin (5.6MB)
Analyses of the ADK fix and any others most welcome.
At 10:33 AM 8/27/00 -0400, Arnold G. Reinhold wrote:
How hard would it be to filter the public key servers for unsigned
ADKs and either notify the keyowner or just remove the unsigned ADKs?
The cert containing the unsigned ADK could be moved to a separate key
server, equipped with suitable
Cryptome offers the ADK bug-fixed PGP Freeware 6.5.8:
http://jya.com/pgpfree/PGPFW658Win32.zip (7.8MB)
http://jya.com/pgpfree/PGPFW658Mac_sit.bin (5.6MB)
Analyses of the ADK fix and any others most welcome.