Re: iDEFENSE: Upcoming OpenSSH Security Advisory Anno Johnson)

[starwars <nobody () tatooine homelinux net>]

At 02:04 PM 5/3/2004 -0400, Michael Sutton wrote:
> *** PGP Signature Status: good
> *** Signer: Michael Sutton <msutton () idefense com> (Invalid)
> *** Signed: 5/3/2004 2:04:14 PM
> *** Verified: 5/3/2004 4:18:14 PM
> *** BEGIN PGP VERIFIED MESSAGE ***

It would be nice if this was message had been signed with a key that had someone else's signatures on the public key. I 
mean, at least it's self-signed, but can't you iDefense guys manage to sign each other's keys? Any moron could generate 
a key with your ID and self-sign it.

This isn't the first iDefense spoof.  When are you going to take non-repudiation more seriously?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html