Date: Tue, 5 Aug 2003 21:39:34 +0200
From: "Simon L. Nielsen"
To: David.E.Tweten@nasa.gov
cc: freebsd-security@freebsd.org
cc: freebsd-doc@freebsd.org
Subject: Re: Security-officer PGP Key?
Message-ID: <20030805193932.GA9631@FreeBSD.org>
In-Reply-To: <88080.1060111084@gilmore.nas.nasa.gov>
List-Id: Security issues [members-only posting]

On 2003.08.05 12:18:04 -0700, Dave Tweten wrote:
> I just received a PGP signed message, supposedly from
> security-officer@freebsd.org, for which I did not have the matching public
> key.  Reflexively, I fetched it, and then began looking into it with an
> eye toward signing it so PGP would no longer call it "untrusted."
>
> To my shock, I found I had two public keys for security-officer, one
> vintage 4/22/1996,

From: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html#PGPKEYS-OFFICERS

pub  1024D/CA6CDFB2 2002-08-27 FreeBSD Security Officer
     Key fingerprint = C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2
sub  2048g/A3071809 2002-08-27

pub  1024R/73D288A5 1996-04-22 FreeBSD Security Officer (Deprecated key)
     Key fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
uid                            FreeBSD Security Officer

I just checked that the announcement I received was signed with
CA6CDFB2 which is listed as the current key.  The new key CA6CDFB2 is,
among others, signed by the old key 73D288A5.

> My next step was to check the list of valid keys at the back of the
> FreeBSD Handbook.  Further shock.  It lists the 4/22/1996 key and not the
> more recent one just downloaded.  I immediately deleted the more recent
> key, and drafted this message.

Which exact handbook version are you referring to?  Everything looks OK
to me.

-- 
Simon L. Nielsen
FreeBSD Documentation Team
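
The check discussed in this message, comparing a fetched key against the handbook listing, as an added example that is not part of the original message or FreeBSD project code; the function names are hypothetical and the listing is the one quoted above. It also shows why the 1996 key's ID is not the tail of its fingerprint: per RFC 4880, a v4 key ID is the low-order bits of the SHA-1 fingerprint, while a v3 RSA key ID is taken from the modulus and the fingerprint is an MD5 hash.

```python
import re
# Added example with hypothetical helper names; listing copied from the message above.
HANDBOOK_LISTING = """\
pub  1024D/CA6CDFB2 2002-08-27 FreeBSD Security Officer
     Key fingerprint = C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2
sub  2048g/A3071809 2002-08-27
pub  1024R/73D288A5 1996-04-22 FreeBSD Security Officer (Deprecated key)
     Key fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
"""

PUB_RE = re.compile(r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\s+(\d{4}-\d{2}-\d{2})\s+(.*)$")
FPR_RE = re.compile(r"^\s*Key fingerprint\s*=\s*([0-9A-Fa-f ]+)$")

def normalize(fpr):
    """Strip grouping whitespace and upper-case a fingerprint."""
    return "".join(fpr.split()).upper()

def parse_listing(text):
    """Return {short_key_id: info} for every 'pub' entry in a gpg 1.x style listing."""
    keys, current = {}, None
    for line in text.splitlines():
        m = PUB_RE.match(line)
        if m:
            current = {"bits": int(m[1]), "algo": m[2], "created": m[4],
                       "uid": m[5].strip(), "fingerprint": None}
            keys[m[3].upper()] = current
            continue
        m = FPR_RE.match(line)
        if m and current is not None:
            current["fingerprint"] = normalize(m[1])
    return keys

def key_version(fpr):
    """40 hex digits = SHA-1 (v4 key); 32 hex digits = MD5 (v3 key)."""
    return {40: 4, 32: 3}.get(len(fpr))

def check_candidate(listing, short_id, candidate_fpr):
    """Compare a fetched key's fingerprint with the published one; return (ok, reason)."""
    entry = parse_listing(listing).get(short_id.upper())
    if entry is None or entry["fingerprint"] is None:
        return False, "key ID not in published listing"
    fpr = normalize(candidate_fpr)
    if fpr != entry["fingerprint"]:
        return False, "fingerprint mismatch"
    # Only v4 key IDs are the tail of the fingerprint; v3 IDs come from the RSA modulus.
    if key_version(fpr) == 4 and not fpr.endswith(short_id.upper()):
        return False, "short ID is not the tail of the v4 fingerprint"
    return True, "v%d fingerprint matches published value" % key_version(fpr)
```

Matching on the full fingerprint, not the 8-digit key ID, is what makes the comparison meaningful; the short ID only selects which published entry to compare against.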