Hi everyone,

In September last year I discovered a fake key for my torproject.org email
address[1]. Today I discovered another one:

pub   2048R/C458C590 2014-02-13 [expires: 2018-02-13]
      Key fingerprint = 106D 9243 7726 CD80 6A14  0F37 B00C 48E2 C458 C590
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxx>
sub   2048R/D16B3DB6 2014-02-13 [expires: 2018-02-13]

To reiterate what I said last time this happened:

1. That is NOT MY KEY. Do not under any circumstances trust anything that may
have ever been signed or encrypted with this key. I looked around and was
unable to find anything, but nonetheless, it is out there and that is creepy.

2. If anyone on any of these lists has encountered this key anywhere -- the
main fear being that it has been used to fraudulently sign packages of some
kind -- can you please let me/us know ASAP?

Tor Project official signatures are listed here: 

Consider that the canonical source for all signatures! Be suspicious of
anything not listed there and let us know if you ever find anything.

I want to note here that last year I created a new key which also belongs to me
and which I just haven't switched to yet. I am not signing any Tor packages
whatsoever with this key, but it does belong to me and has several signatures
from people I've met in person, some of whom also signed my old/current
(63FEE659) key:

pub   4096R/91FCD12F 2013-09-21
      Key fingerprint = 724B 96C1 997A E999 F0C0  0F8A F8F4 9DD8 91FC D12F
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxx>
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxxxx>
uid                  Erinn Clark <erinn@xxxxxxxxxx>
sub   4096R/1B749632 2013-09-21

With declining trust in the web of trust,

[1] https://lists.torproject.org/pipermail/tor-talk/2013-September/029752.html
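
Added example, not part of the original message or any Tor Project code: a small check that parses the two key listings quoted above and classifies each key claiming the same name by its full fingerprint rather than by uid or short key ID. The pinned set is an assumption; it holds only the one full fingerprint the message vouches for, and the function names are illustrative.

```python
import re

# Listing text copied from the message above (gpg 1.x --fingerprint format).
LISTING = """\
pub   2048R/C458C590 2014-02-13 [expires: 2018-02-13]
      Key fingerprint = 106D 9243 7726 CD80 6A14  0F37 B00C 48E2 C458 C590
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxx>
sub   2048R/D16B3DB6 2014-02-13 [expires: 2018-02-13]

pub   4096R/91FCD12F 2013-09-21
      Key fingerprint = 724B 96C1 997A E999 F0C0  0F8A F8F4 9DD8 91FC D12F
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxx>
uid                  Erinn Clark <erinn@xxxxxxxxxxxxxxxx>
uid                  Erinn Clark <erinn@xxxxxxxxxx>
sub   4096R/1B749632 2013-09-21
"""

# Assumption: the pinned set holds fingerprints obtained out of band. Only the
# one full fingerprint the message vouches for is available on this page.
PINNED = {"724B96C1997AE999F0C00F8AF8F49DD891FCD12F"}

def normalize(fpr):
    """Strip whitespace and upper-case so spaced and compact forms compare equal."""
    return re.sub(r"\s+", "", fpr).upper()

def parse_listing(text):
    """Return one dict per primary key: short id, full fingerprint, list of uids."""
    keys = []
    for line in text.splitlines():
        if m := re.match(r"pub\s+\d+\w/([0-9A-F]{8})\s", line):
            keys.append({"keyid": m.group(1), "fpr": None, "uids": []})
        elif keys and (m := re.match(r"\s+Key fingerprint = (.+)$", line)):
            keys[-1]["fpr"] = normalize(m.group(1))
        elif keys and (m := re.match(r"uid\s+(.+)$", line)):
            keys[-1]["uids"].append(m.group(1).strip())
    return keys

def audit(keys, name, pinned):
    """Classify every key claiming `name` by full fingerprint, never by uid or short id."""
    verdicts = {}
    for k in keys:
        if any(u.startswith(name) for u in k["uids"]):
            ok = k["fpr"] is not None and k["fpr"] in pinned
            verdicts[k["keyid"]] = "pinned" if ok else "UNTRUSTED"
    return verdicts

if __name__ == "__main__":
    for keyid, verdict in audit(parse_listing(LISTING), "Erinn Clark", PINNED).items():
        print(keyid, verdict)
```

Both keys carry an identical name in their uid, so only the 40-hex-digit fingerprint comparison separates them.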

