I've found it here:

http://blackhole.pca.dfn.de:11371/pks/lookup?op=vindex&search=0x9C800ACA&fingerp rint=on

http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x9C800ACA

Peter

ARRRRGH. HEY SUSE, might want to have someone else sign your key! A self signed key on a public server, the only way to ID it being the key ID, which is not resistant to collision (i.e. I can generate my own keypair with the same key ID without to much trouble). Grumble. This kind of stuff just frustrates me. That key is completely useless, there is no way to verify it. Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net

Hello Kurt and all! On Mon, Feb 19, 2001 at 07:29:23AM +0100, Kurt Seifried wrote:

...

...

suse cd, or oddly enough the suse website (imagine that).

http://www.suse.de/en/support/security/index.html

Yes thanks for making fun at my expense, I did actually check the web site and couldn't find anything. Still can't. (Of course it's on the 7.1 CDs, but I haven't got any.)

I should have mentioned that the suse security team key on that page is not the one:

Volker

Hmmm, yeah thought they used the same key (haven't got 7.1 yet). Well according to rpm:

DSA key ID 9C800ACA

I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)

Maybe it is the one Roman posted to the list a month ago (list-message No. 5245)? :-> If you have missed that one have a look at http://lists.suse.com/archives/suse-security/2001-Jan/0433.html Regards Johannes

...

http://lists.suse.com/archives/suse-security/2001-Jan/0433.html

That message is not signed by the old suse key. Spoofing email is not hard. Hmm, something else to add to my article on key management.

But the key is. Thanks, Roman. -- - - | Roman Drahtmüller // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -

Did you actually look at the key? It IS signed (see also Roman's posting). Hope you make that much of investigation at least before writing articles.

Yes I know the key is signed, and you might not want to make assumptions either =).

Regards

Johannes

-Kurt

HiHO...

...

DSA key ID 9C800ACA

I cannot find it on any key servers or via google/etc. Might be nice of SuSE to share ;)

try this:

I was going to say... I've put it there myself. Thanks to Kurt Garloff for fixing some problems wrt key exchange pgp <-> gpg.

=> gpg --recv-keys 9C800ACA gpg: Warning: using insecure memory! gpg: requesting key 9C800ACA from wwwkeys.de.pgp.net ... gpg: key 9C800ACA: public key imported gpg: Total number processed: 1 gpg: imported: 1

=> gpg --list-keys 9C800ACA gpg: Warning: using insecure memory! pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key sub 2048g/8495160C 2000-10-19 [expires: 2002-10-19]

stephan

Roman. -- - - | Roman Drahtmüller // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -