Delivery-Date: Fri, 19 Feb 2016 07:58:27 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3B4691E01A5;
	Fri, 19 Feb 2016 07:58:25 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 65FE5397C9;
	Fri, 19 Feb 2016 12:58:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 5A0B9397C6
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 12:58:17 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id mPo0UVctYB-d for <tor-talk@lists.torproject.org>;
 Fri, 19 Feb 2016 12:58:17 +0000 (UTC)
Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com
 [IPv6:2607:f8b0:400e:c00::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 32DAD397C5
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 12:58:14 +0000 (UTC)
Received: by mail-pf0-x236.google.com with SMTP id e127so50935536pfe.3
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 04:58:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to:content-type:content-transfer-encoding;
 bh=pxPSAfeq+Hsizn5mjvMKEirUiklJWMnK/ZZC/RXsdho=;
 b=vU1YbGHA2zZ8do/EwP3B2sOQsB6+ub9SAnAqpaRfwRmhv+rkAyLlG+cw8bnV5MHPg2
 EetfSQ2A6BbaXhu/uxQpdJawHBbSxPEtNvJaR98cmTkjxrriyShzus6YpW2sFSDJJmhr
 bHMXw8DJ/J/Bk+33JRIB7l7haIbjxKWcGYRIKvk6Ov5R6vDNiMT8319svOJeo95Qa4gL
 TLuM2LK57XJvZu7tYmdRpdzUYxBpIkHvf+BCVcvERZw5N2HixEi2xNsDVskp/kZYRpcw
 916JQ5yA9h+PEJXzx0OB3ax2x9QQPI1w/r0z4UfIxc/oLjUd6PSnug0F08mTWaBRhppv
 +9mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:subject:to:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-type
 :content-transfer-encoding;
 bh=pxPSAfeq+Hsizn5mjvMKEirUiklJWMnK/ZZC/RXsdho=;
 b=Pw9TS5GiuPcVxiNOf7qKsKococBWTKQTHqVxYYlXH13SEZYR96o0KknQL29Omi9pGY
 7doOaO2ojWgmZmCslYJWVLLWM2FrQN/qSJnSOJcrm4wmwmdVSk2xHb4TCdL1DxjLIl2G
 KchlyuzDLs8p1XLEgliEfO8lJR2zteqn2bOH09bAhfmGDRbZqlcvJHYew277RVlYeHAj
 DCJTgIkzIMnZQNUpK069ALWHbU7WCLc7DNw9e3VudMR54HVbbaXv27P6628EqrSvSVVQ
 NJrzf/3dWaadJ8Ia4w49Zp1fmYbhYc+l3aFyxoHngosdzzIcZtvPb65tKb/1ozdH2r8P
 rzkg==
X-Gm-Message-State: AG10YOSLe5WqRh+VJv5gne5f37Qh0wIGY9fD5db7vUjlvliVNgnu1fMOn/eC0dsCQWwdxg==
X-Received: by 10.98.93.2 with SMTP id r2mr18006333pfb.64.1455886691627;
 Fri, 19 Feb 2016 04:58:11 -0800 (PST)
Received: from [192.41.170.189] (X250.desktops.cs.ait.ac.th. [192.41.170.189])
 by smtp.gmail.com with ESMTPSA id
 e1sm17956314pas.1.2016.02.19.04.58.10
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Fri, 19 Feb 2016 04:58:10 -0800 (PST)
To: tor-talk@lists.torproject.org
References: <CAD--ZDVZECJ+gcx5MF51VTJ97pMzzROSVrDmpR7L1F-_hOF1OA@mail.gmail.com>
 <56C70E62.10206@veloc1ty.de>
From: Suphanat Chunhapanya <haxx.pop@gmail.com>
Message-ID: <56C7115F.5060406@gmail.com>
Date: Fri, 19 Feb 2016 19:58:07 +0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56C70E62.10206@veloc1ty.de>
Subject: Re: [tor-talk] PGP and Signed Messages,
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Another way is to use Keybase (https://keybase.io). It will bind many
different social media (twitter, reddit, github) to the key. This
means that the attacker needs to compromise all of your accounts of
those media to forge the key.

On 02/19/2016 07:45 PM, Josef 'veloc1ty' Stautner wrote:
> Hi,
> 
> this is a basic problem of PKI - is the key the correct one to
> use. There is nothing to stop you from copying for example my key 
> information. That's why you need to check the received key over
> another channel. For example I put my fingerprint on my website and
> it's also on my business card.
> 
> A second way is looking at the signatures from other users thus
> it's not the best method for validating an identity.
> 
> ~Josef
> 
> Am 19.02.2016 um 13:34 schrieb Nathaniel Suchy:
>> I've noticed a lot of users of Tor use PGP. With it you can
>> encrypt or sign a message. However how do we know a key is real?
>> What would stop me from creating a new key pair and uploading it
>> to the key servers? And from there spoofing identity?
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWxxFfAAoJEGyq803SvUvTCYMP/0KGON0QoE4ZilVqTxHZV4kB
Gg0mjg3nNr42mz/GVlF6eh2vktbrTX7rge9/YRvSIc2/HdLdyNRf6wf8bfYQo0/W
o+IndxquAFMne++kykMmluCk1KVRXoW5IVsAVBw0MXBI6YP4HaCEwQAC2vhx5Dmn
h4zIzYQkOsbBDitVLVKNFxsCWqAnlHdZUZ81U/tdCGsAuAohS5fCIKzmkxKdPPag
F3c4MGv1nKI+IO2LFAN2tIqAG630BEkgwu+y8eUbmIzE42QnRqu2a9k7lowRXnOh
vzL5jKbMyp00TULTIt4PR9+y61i4G0nOUvmZUBJ5ur2jhEMEBhAWywJHGYfL4+/H
2eiGR1hVGR15Z/j0Tpy015VUbo0wnNWbVBDEvfE0IfrZAmX6cfsNRKMpHrCBoQts
aS/JNG4xDVhzkrcrkzZH7UQkHcTZWSAgTbPNDsQXUYeIZyRAm7wJiKwuB26avZPF
EbqweRQFSCzKC7+BogxNFdr6R+h2o21yYTT/O5AeDt1/QSU5UBQVpaBmb8N+CoqP
wseiR0AvZ4Mu9+6uEyaYFQh32yDUPaIi2u6YnJq9L5UjSGIx3gJNNzrmnX0GOmPA
yVcxdjxi20etYqfbm/tvGYpHA6e30r9PqQ4hBpfg515zBVPDgrk9dg+QJHJ5K7n4
HOVs4cLk0GGpzf2CHjtM
=vwo9
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

