suse cd, or oddly enough the suse website (imagine that).
Yes thanks for making fun at my expense, I did actually check the web site and couldn't find anything. Still can't. (Of course it's on the 7.1 CDs, but I haven't got any.) I should have mentioned that the suse security team key on that page is not the one:
rpm -Kvv ssh-1.2.27-220.i386.rpm D: New Header signature D: Signature size: 156 D: Signature pad : 4 D: sigsize : 160 D: Header + Archive: 450623 D: expected size : 450623 ssh-1.2.27-220.i386.rpm: MD5 sum OK: 517365d17ca1475e06addc76d1e30bff gpg: Warning: using insecure memory! gpg: Signature made Thu 15 Feb 2001 23:43:43 NZDT using DSA key ID 9C800ACA gpg: Can't check signature: public key not found
The rpm is signed with a key ID of 9C800ACA, the key on that web page has
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team
suse cd, or oddly enough the suse website (imagine that).
Yes thanks for making fun at my expense, I did actually check the web site and couldn't find anything. Still can't. (Of course it's on the 7.1 CDs, but I haven't got any.)
I should have mentioned that the suse security team key on that page is not the one:
Volker
Hmmm, yeah thought they used the same key (haven't got 7.1 yet). Well according to rpm: DSA key ID 9C800ACA I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;) Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
On Sun, 18 Feb 2001, Kurt Seifried wrote:
DSA key ID 9C800ACA
I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)
I've found it here: http://blackhole.pca.dfn.de:11371/pks/lookup?op=vindex&search=0x9C800ACA&fingerprint=on http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x9C800ACA Peter -- Peter Münster http://notrix.net/pm-vcard
I've found it here:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=vindex&search=0x9C800ACA&fingerp rint=on
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x9C800ACA
Peter
ARRRRGH. HEY SUSE, might want to have someone else sign your key! A self signed key on a public server, the only way to ID it being the key ID, which is not resistant to collision (i.e. I can generate my own keypair with the same key ID without to much trouble). Grumble. This kind of stuff just frustrates me. That key is completely useless, there is no way to verify it. Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
ARRRRGH. HEY SUSE, might want to have someone else sign your key! A self signed key on a public server, the only way to ID it being the key ID, which is not resistant to collision (i.e. I can generate my own keypair with the same key ID without to much trouble). Grumble. This kind of stuff just frustrates me. That key is completely useless, there is no way to verify it.
Pardon me. The key will be on 100000+ CDs. That should be ok for the beginning. I'll have it signed, though, soon. Just didn't find the time to meet the people yet.
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Hello Kurt and all! On Mon, Feb 19, 2001 at 07:29:23AM +0100, Kurt Seifried wrote:
suse cd, or oddly enough the suse website (imagine that).
Yes thanks for making fun at my expense, I did actually check the web site and couldn't find anything. Still can't. (Of course it's on the 7.1 CDs, but I haven't got any.)
I should have mentioned that the suse security team key on that page is not the one:
Volker
Hmmm, yeah thought they used the same key (haven't got 7.1 yet). Well according to rpm:
DSA key ID 9C800ACA
I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)
Maybe it is the one Roman posted to the list a month ago (list-message No. 5245)? :-> If you have missed that one have a look at http://lists.suse.com/archives/suse-security/2001-Jan/0433.html Regards Johannes
Maybe it is the one Roman posted to the list a month ago (list-message No. 5245)? :->
If you have missed that one have a look at
http://lists.suse.com/archives/suse-security/2001-Jan/0433.html
That message is not signed by the old suse key. Spoofing email is not hard. Hmm, something else to add to my article on key management.
Regards
Johannes
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
http://lists.suse.com/archives/suse-security/2001-Jan/0433.html
That message is not signed by the old suse key. Spoofing email is not hard. Hmm, something else to add to my article on key management.
But the key is.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Hello Kurt! On Mon, Feb 19, 2001 at 07:14:08PM +0100, Kurt Seifried wrote:
Maybe it is the one Roman posted to the list a month ago (list-message No. 5245)? :->
If you have missed that one have a look at
http://lists.suse.com/archives/suse-security/2001-Jan/0433.html
That message is not signed by the old suse key. Spoofing email is not hard. Hmm, something else to add to my article on key management.
Did you actually look at the key? It IS signed (see also Roman's posting). Hope you make that much of investigation at least before writing articles. Regards Johannes
Did you actually look at the key? It IS signed (see also Roman's posting). Hope you make that much of investigation at least before writing articles.
Yes I know the key is signed, and you might not want to make assumptions either =).
Regards
Johannes
-Kurt
HiHO...
DSA key ID 9C800ACA
I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)
try this:
=> gpg --recv-keys 9C800ACA
gpg: Warning: using insecure memory!
gpg: requesting key 9C800ACA from wwwkeys.de.pgp.net ...
gpg: key 9C800ACA: public key imported
gpg: Total number processed: 1
gpg: imported: 1
=> gpg --list-keys 9C800ACA
gpg: Warning: using insecure memory!
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
HiHO...
DSA key ID 9C800ACA
I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)
try this:
I was going to say... I've put it there myself. Thanks to Kurt Garloff for fixing some problems wrt key exchange pgp <-> gpg.
=> gpg --recv-keys 9C800ACA gpg: Warning: using insecure memory! gpg: requesting key 9C800ACA from wwwkeys.de.pgp.net ... gpg: key 9C800ACA: public key imported gpg: Total number processed: 1 gpg: imported: 1
=> gpg --list-keys 9C800ACA gpg: Warning: using insecure memory! pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key
sub 2048g/8495160C 2000-10-19 [expires: 2002-10-19] stephan
Roman.
--
- -
| Roman Drahtmüller
participants (6)
-
Johannes Geiger
-
Kurt Seifried
-
Peter Münster
-
Roman Drahtmueller
-
Stephan Martin
-
Volker Kuhlmann