Roy M. Silvernail wrote:
"Plenty of irons in the fire" is indeed the crucial point. Learning how to make UQWK talk to AutoPGP in elm (or whatever) is apparently fine for some people (by my estimate, 20% of those who post), but many of the most valued (who shall remain nameless here) posters are *not* signing posts. I urge you all to watch who signs and who doesn't.
It may just be that it's early and I'm only on my first cup of coffee, but are you suggesting an inverse correlation between the quality of a submission and the presence of a signature, Tim? While I'd agree that many of the quality list members don't sign their articles, I don't think I can make the leap that signed messages have no useful content. Please tell me I misread you.
No, I didn't propose such a correlation. Just a reminder that _many_ active posters are not routinely, or ever, signing. This is probably not due to a minor (few second) delay but, rather, to much large hassles (discussed here often, but having to do with editors on remote machines not having access to PGP tools and keys on local machines--this can be solved by moving the PGP onto the remote machine or by sending the file to local machines with sz, etc.).
Face it, some fraction of people on this list are gearheads, with their own Pentiums or Suns sitting on the Net and with lots of Unix/Linux tools they like to play with and that they can use to compile their premails and procmails and whatnot. More power to them.
Or perhaps just a lowly 486 running DOS and UUCP. But I heard that Cypherpunks Write Code, so I wrote PGP support into my signature controller. I have signed all my email for 2 years, and all net traffic for nearly a year. Gearhead? Perhaps I am. But this ain't no Porsche.
Like I said, "more power to them." I haven't gone this route, and face, under the proposed system(s), delays and perhaps bounces. For many reasons I think this is an unwise proposal.
Which only underscores the need for better tools for the existing platforms. Yes, I'd like everyone to sign their traffic. But it's not always possible when the tools to do that are either non-existant or arcane (which means I'm in agreement with Tim on why he doesn't sign his traffic).
You've just answered your earlier points. Let me recount something that hasn't been mentioned on the list. At the last Cypherpunks meeting, well-known Unix gearhead Raph Levien demonstated his premail work: nearly transparent encryption, decryption, remailing integrated into "pine," a mailer. Something this "simple" (no insult to the work meant...I mean simple in the sense that it is conceptually obvious and expected) drew oohs and aahs from the generally savvy attendees. It tells us something. (Yes, I may consider switching from my favored mail reader, elm, to pine. But not soon, and maybe not ever.)
Tim, just for fun, what tools would need to appear to make it possible for you to sign your traffic? Maybe a description will inspire some of the Macheads out there to get hacking. (the astute reader will note that I'm not suggesting new tools to the erstwhile Mr. May, as has been done so often in the past)
Others have touched on this. MIME stuff, mail wrappers, etc. There are three main worlds to consider: 1. Users on their own secure machines, composing, signing, and encrypting with tools on their own machine. Completed messages are either mailed (e.g., Eudora, dial-up) or are otherwise send directly (boxes sitting on the Net via SLIP, PPP, TIA, etc.) 2. Users who do some of their work on secure machines (perhaps at home) but log in to remote machines that are not secure against packet sniffers, snooping sysadmins, subpoenas (which may not even be disclosed to the target, as in cases involving money transfers, drug cases, etc.). 3. Users who do most of their work on unsecure machines outside their control. Most corporate users who use corporate machines. Most university students with campus accounts. PGP can and is used in all of these worlds. #1 is taken care of by lots of tools. (And if I limited my mail to Eudora, I could cope moderately well. But I don't even have Eudora running on my new Mac configuration yet, and I favor reading mail while logged-on to Netcom. Also, signing Netnews articles--not the topic of current debate--is not addressed. #2 is where additional tools are needed. A useful tool: agent-like technology that could "reach back" with a zmodem-like squirting of text to the local/home machine, do the sigs and encryption, and then squirt back the processed text. (Ironically, short messages are moderately easy for me to verify, as I can select the displayed text and use cut-and-paste. So long as all the text is visible. Longer text messages require that I somehow get the text--often by using sz to send it to my local machine--and this typically takes more steps and requires more choices than I want to deal with.). #3 users are probably happy in their ignorance and have others to help them with setups and configs. That so many students are diligent about signing their messages--on "foobar.edu"--says a lot about the spread of tools, helps, and common set of tools (e.g., everybody may be using 4.3 BSD and the same core set of editors and mailers). I am dismissive of #3 because it's toy security. Not a foundation to build on. But OK for students. Or employees. Or casual use. Enough for now. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay