At 18:12 6/22/96, geoff wrote:
Further, it makes philisophical/political sense to me to have verification distributed. Every node should be doing it's own security.
I am not convinced. For a mailing list it makes sense for all members to be aware of message integrity problems. Not all cypherpunks have your lisp package or Pronto Secure which make signature verification of the 10-20 pgp signed messages per day on the list a non trivial task.
If you think about the issue in more detail, you will realize that having a third party do signature verification is no more useful than having a third party do your encryption for you. In other words, not only is it not useful, it is downright dangerous, since it provides you with a false sense of security. If someone wishes to bounce messages that don't verify back to the originator, great. But please do not further add to list traffic by bouncing these messages to the list. Thanks, -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred. Disclaimer: My opinions are my own.