[11309] in cryptography@c2.net mail archive
Re: Apple's Security Update Message Fails PGP Authentication
daemon@ATHENA.MIT.EDU (Vinnie Moscaritolo)
Sun Aug 4 12:22:49 2002
In-Reply-To: <p05111a1bb9719157c519@[66.149.49.6]>
Date: Sun, 4 Aug 2002 09:14:53 -0700
To: "R. A. Hettinga" <rah@shipwright.com>
From: Vinnie Moscaritolo <vinnie@vmeng.com>
Cc: Digital Bearer Settlement List <dbs@philodox.com>,
cryptography@wasabisystems.com, cypherpunks@lne.com,
"TidBITS Talk" <tidbits-talk@tidbits.com>, net_thinkers@vmeng.com
yes, I did sign their key, Apple generated a new key and didn't
sign it with the old one
or have anyone continue it's trust path.. It would be a good thing if
someone else signed it and
sent notice to Product Security <product-security@apple.com>, you can
contact them there and
ask them to verify the fingerprint or use their website..
either way, isn't it funny that they use a PGP key to verify their
security updates and yet
with all the CDSA code they have on X, none of it supports the PGP
key infrastucture.
actually I am not sure what the Security framework is used for, I
suspect encrypting
passwords on keychain and now System update.. but not ssh/scp or
mail.app.
too bad.
At 10:05 AM -0400 8/3/02, R. A. Hettinga wrote:
>--- begin forwarded text
>
>
>Status: RO
>Delivered-To: mac_crypto@vmeng.com
>To: mac_crypto@vmeng.com
>From: Fearghas McKay <fm@st-kilda.org>
>Subject: [Mac_crypto] "Security Update 2002-08-02 for OpenSSL, Sun RPC,
>mod_ssl" does
> not verify
>Sender: mac_crypto-admin@vmeng.com
>Date: Sat, 3 Aug 2002 08:38:50 +0100
>
>**A verification of this security announcement mail fails**
>
>The key is signed by Vinnie Moscaritolo - vinnie@vmeng.com which is a good
>thing even if Vinnie is no longer at Apple ( which is a bad thing ), it is
>also signed by someone who does not appear on any of the public keyservers
>that I can find which is a bit disappointing.
>
>Verified version is at the bottom.
>
> f
>
>--- begin forwarded text
>
--
Vinnie Moscaritolo ITCB-IMSH
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
-------------------------------------------------------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
