********************************************************************* *******THIS MESSAGE HAS BEEN SIGNED BY "TIM'S REALLY NEAT SYSTEM"**** ********************************************************************* I see some problems, for me at least: 1. I run MacPGP home machine, and using it is a boring and time-consuming prcess. Many of you know about this. (Ironically, it's more secure for me to run it on my home machine, instead of on Netcom, but it means a lot more work.) 2. I also have plain old PGP running on one of my DOS laptops, and I sometimes use RSADSI's "MailSafe" on this, even to sign. (But not often, that's for sure.) 3. For quick responses, where response time is more important anyway, I cannot see jumping through all these hoops. Ironic, isn't i? 4. If the signatures are not to be verified, or even to be looked at very closely, then the situation presented at the beginning of this message will flourish: phony sigs to beat the delay. 5. Eric alluded to such proliferation being a Good Thing. I think not, as it will trivialize real sigs and will in some sense turn digital sigs into a kind of running joke on the list. Not a good thing, in my view. 6. The sitiuation with L. Dettweiler and S. Boxx, tragicomic as it was, would not have been materially affected. Both would have "signed" their messages in some way and what would then have been accomplished? (In some sense, both _were_ signed: Dettweiler by the origin of his message and the hard-to-spoof "an12070" (or whatever) that S. Boxx used.) While I'm not sure if the LD/S.Boxx situation, and the general claims of "pseudospoofing" are motivating Eric's idea, I certainly don't see a system of "weak" digital sigs (weak meaning no real checking) doing anything. 7. Finally, I have yet to see any serious evidence that this so-called pseudospoofing is going on, that is, that people are pretending to be others. I know Dettweiler _thinks_ that I am using the nyms of Jamie Dinkleacker, Nick Szabo, and others, but this is arrant nonsense. (And to repeat the obvious, as noted above, if I _were_ using other identities in this way, digitally signing the messages would be trivial and would in fact create a false sense of security, as others have also noted.). I've never seen anyone else claim to be me, at least not seriously, nor have I ever suspected such pseudospoofing is actually going on. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.