Dean Foster's PGP public key

Dean Foster's public key

Anyone can spoof an email. The easiest way to simply set the preferences in Netscape to the email address you want to spoof. So, if an email says it is from santa@north.pole, don't believe it. If everyone plays fair, mail should be able to be traced back to its origin (see qmail's opinion of this). On the other hand, only the person who knows the private half of a public key/private key pair can sign an email message using PGP. So a signed email message either comes from the person who knows the private key, or from the NSA. (Given the noises made by the US government, it is possible that even the NSA can't spoof a PGP signed email.)

I'm using gpg to sign my messages. It is an open source produce produced by the people at gnu. So if you want to verify that an email actually comes from me, check it against my public signature given below. (I've also put my key on a public server or two, but haven't ever gotten it signed. So all the public server does for it is it allows one to check that it hasn't changed in several year.)

Eventually everyone will sign their message as a matter of course. Or at least anyone who wants you to know who they really are will sign their messages. The only people who regularly send me emails that probably don't want me to know their real address are spammers. So eventually a mail filter that doesn't pass messages that are unsigned should remove all spam. Now that is the correct way to end SPAM/junk email! No government intervention needed.

PGP fingerprint:

pub 1024D/F91B7E26 1999-07-27 Dean P. Foster < foster@gosset.wharton.upenn.edu >

Key fingerprint = 5D7E B302 B808 DF63 8DA1 8A3B 2D0B C6B1 F91B 7E26

In an ideal world, you would have gotten the above fingerprint via some hardcopy or possibly over the phone. Possibly printed on the backside of my business card. In that case, you could download my public key, and then ask your software to generate a fingerprint. If it didn't agree with the printed copy, you would know that you had been attacked by a "man in the middle" attack. Feel VERY special! To my knowledge, no-one has suffered such an attack (yet).

Putting the fingerprint here is totally useless for security purposes. But for fun, you can check that it matches my public key below:

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v0.9.9 (GNU/Linux) mQGiBDedr10RBACVH5E66o6ce3kcL640vNmbhWiFDGY8HqFhDPxdHqDhG+EiQ0mG oI/K2JewxmjFrbgtmUkOkY5UbCrTHiEkt3njLrYaS6VVWB44CwYFuUS1XX60NaoA UYiNJ8vMRjI+z3oYu/dya9fxDxdWfQ7HkbkK4IAbLrRPgzm1fKsSTNOtKwCggs2O 9AYfzE+1MhaOzqHmarhajYsD/iAwgOT1kxM6elksKdeTb0tHc+gt2xXoW+oixo9R rVKwbI0x05WXfy8h8RsN77IIk+bNgUIweZd7w9QMLEBErWzqDs4SaQTxLZ9ZGU2E h8SQe4sRZOZ8f9AFjP9D9R9ikfMZSpkJ+K9UlZG138WyDkgHcIMZp5OlfsECkPl+ cwiKA/90b21Q0lt9u3r7OjMYBjHRxPfoZiLipnHD1AnA98crYnvtV7BhUzAmnRf5 SIeSguS1PSrdk0kk2JYsESF4nB4xhqE0lTNtRJh088ljraYVOEap7SvS+/eyZuon 0X4dzMj92dQ+J9BPN8paZBtLvhxPEJSZTwKEWaRLPDx3FxCEKLQzRGVhbiBQLiBG b3N0ZXIgPGZvc3RlckBkaXNrd29ybGQud2hhcnRvbi51cGVubi5lZHU+iFUEExEC ABUFAjedr14DCwoDAxUDAgMWAgECF4AACgkQLQvGsfkbfibqQQCfWhpr1i7j045f HhyrVWaU/u+g3asAmwZvkFFvZifkZXTIrR2aEh6Wno+IuQENBDedr20QBACqRG3G FyxaLPWHOIJYR9sNMvkHsspbpBGjVFQaqSWKvJ3jNQZknkA41Vi+z1JpyH5LUflR AEcokTUZ+np5kr/t5S3fHPktxQdUOY9ko8IpwrGsnBGRYXybaXD6hfcNSO3c6iwP 7zp5TRisbnOYO/At3w8YORGkmIeIrXvk7ZyN0wADBQP7BS4G6oaxLgiZv49ctLoE i7BKOmxyBJRrCB+PVViVNTPrsB0UjgbTDiyeYQZ35r4lSEvCFTTEdC7jTScM4iyb nlrdDlEHim7Q+vAU9KA8A98h2Lc+5QbX9lxSKhr+ZGU4QV7BMv450Edv0Anj96eF RgjzX0M9a5bR7RPzyW+/MuCIRgQYEQIABgUCN52vbQAKCRAtC8ax+Rt+Jh6HAJkB 3c8JF4/M54kyRhSKIDMw9G/wRQCfaGNVZo+TtxpsrRcQiwvuYrwJWls= =QkEN

-----END PGP PUBLIC KEY BLOCK-----

Penn's policy on emails

Here is a quote from the University's Policy on Privacy in the electronic environment: "...property authorized university officials.... may access e-mail, voice mail or computer accounts in cases of alleged...violations of university policies." Later it goes on to say that "email users may want to consider... encrypting personal messages."2



last updated: $Date: 2007-03-30 03:49:51 -0400 (Fri, 30 Mar 2007) $