Re: Bad PGP Key from Microsoft Security Response Center

From: Bronek Kozicki (
Date: 07/19/01


I asked if they know about the problem, here's their


Hello -

Thanks for your email. We have had problems with signing our bulletins
over the last six months. We always verify that the comback email from
the listserver verifies as GOOD, however, once we approve it to be
released, the sig is corrupted by the listserv. (This happens from time
to time depending on the formatting of the email - we are working with
lsoft to figure out a solution.)

However, it's really not too much of a concern. Our emails do not
contains patches, nor do they contain links to patches (as the fake
bulletins do.) Our emails only contain a link back to the Microsoft web
site where we encourage users to read the entire security bulletin and
take the actions discussed there. In fact, we have discussed whether we
even need to sign the emails as they don't contain links to anything but
our website - we consider the email simply a "notification" that there
is a bulletin on the website that should be read. That being said, we
are working on solutions to ensure that future emails can be verified as
Good signatures.


From: "Henry Sieff" <>
> Same results here. I just redownloaded their key from their web site a
> few seconds ago and I get the same thing. . .

> > From: Shaun Jamieson []
> > I got the same results. I got a Status: BAD on MS01-038 and
> > good on all
> > previous ones. I wonder what's up?

> > From: Zechariah Harvey []
> > All other bulletins' signatures came out with the status "good". I
> do
> > have the key and Have it marked as Valid and Trusted. Would anyone
> be
> > able to confirm/deny my worries about something of this nature?