yes, I did sign their key, Apple generated a new key and didn't sign it with the old one or have anyone continue it's trust path.. It would be a good thing if someone else signed it and sent notice to Product Security <[EMAIL PROTECTED]>, you can contact them there and ask them to verify the fingerprint or use their website..
either way, isn't it funny that they use a PGP key to verify their security updates and yet with all the CDSA code they have on X, none of it supports the PGP key infrastucture. actually I am not sure what the Security framework is used for, I suspect encrypting passwords on keychain and now System update.. but not ssh/scp or mail.app. too bad. At 10:05 AM -0400 8/3/02, R. A. Hettinga wrote: >--- begin forwarded text > > >Status: RO >Delivered-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >From: Fearghas McKay <[EMAIL PROTECTED]> >Subject: [Mac_crypto] "Security Update 2002-08-02 for OpenSSL, Sun RPC, >mod_ssl" does > not verify >Sender: [EMAIL PROTECTED] >Date: Sat, 3 Aug 2002 08:38:50 +0100 > >**A verification of this security announcement mail fails** > >The key is signed by Vinnie Moscaritolo - [EMAIL PROTECTED] which is a good >thing even if Vinnie is no longer at Apple ( which is a bad thing ), it is >also signed by someone who does not appear on any of the public keyservers >that I can find which is a bit disappointing. > >Verified version is at the bottom. > > f > >--- begin forwarded text > -- Vinnie Moscaritolo ITCB-IMSH PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042 ------------------------------------------------------- --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]