In article <199412010010.QAA11906@largo.remailer.net>, Eric Hughes <eric@remailer.net> wrote:
Todd's good discussion of social lists addresses well some of the social aspects of a decision to modify the server to do something.
Thank you! At least I've gotten _something_ out of too many years of flamewars... What makes this a difficult issue to call (for me) is that you have partial authority as an "original founder," a much more persuasive position than the bureaucratical "list maintainer" status. So, I retreat to a (much more comfortable) pragmatist stance that you might be able to pull it off, you might not. I'm not (usually) an absolutist: if you decide to do something, I'll deal.
I'll make a prediction: requiring digital signatures will annoy most those people who are independant and don't care to be told that they should at least ostensibly provide a strong identity/posting mapping.
1. Independence. Higher levels of richness (and I mean much more than wealth) require higher levels of interaction. There is a qualitative difference between, on one hand, violence and coercion and, on the other, inducements and interactions. Both can reduce independence. Then again I don't feel that liberty and independence are what I desire most.
I think the question is not whether you desire liberty and independence but whether you desire the company of those who value liberty and independence strongly enough to abandon this forum at the slightest perceived breach of their autonomy. This is an altogether different question that has to do with communicated respect for where other people draw their own ideological lines. Tim's come out strongly against the proposal, as has James. As far as I can see, Tim's the only one that's raised the stakes to the ultimatum, "Do it and I leave" (although it's not clear whether he means the rejection or the slowdown of unsigned posts, and whether he'd instead decide to use an auto-signing service. Tim?) I think that you'll probably be able to pull off some compromise: the one that I like most is that of an independent agent or two, automatically checking all signatures and occasionally admonishing those who don't use them. The former would even be a valuable tool with far wider application than cypherpunks, esp. if written such that it could be used on newsgroups or even over NNTP. The thing that's particularly alluring about the independent agent idea is that you don't have to (ab?)use your position as list maintainer to implement it, thus sidestepping questions from others about whether you have any sort of responsibility to subscribers and/or authority to decide or to avoid enforcing how the people known as "cypherpunks" will interact.
Apropos of one-time use keys, will PGP function properly on a 20 bit modulus? Another non-key would be to generate a short key and post both public and private halves.
It's not clear to me; I'll have to hack some PGP code to generate one, as PGP forces a minimum of a 384 bit modulus at key generation time. I'll probably see how well it works with a 4 or 5 bit modulus: it'd be nice to be able to feasably break the key by hand as an exercise, to underscore the unreliability of the signing agent's signatures.
as I suggested last night, such a list address could be set to automatically sign all posts
Why do I suspect that such a service will be available at cypherpunks@hks.net? I don't mind; I think it would be useful service and entirely compatible with what I want to accomplish.
I actually hadn't been strongly advocating or offering such a service: this discussion has just tapped into several issues that I've been interested in for years, especially having to do with the interactions of technologically powerful peers. At this point, I don't have much of a strong feeling about signing stuff, since I've been thinking of setting up some automatic stuff on my private Amiga UNIX box. Signing c'punks posts is a pain, though, since I read news (incl. cypherpunks) on a non-private machine (IE, other people have accounts on it). OTOH, it sounds like a fun hack to do and I've been working on automatic mail agents, so it should be simple at this point. OTGH, pgp is a bigger cycle-sucker than I necessary want to have running all the time on our poor little microVAXen. If I can get it to deal with smaller keys, then I'll probably do it soon (what the hell). Otherwise, I'll have to wait until my own crypto package (which I described to a deafening silence months ago) is ready. -- Todd Masco | "Roam home to a dome, Where Georgian and Gothic once stood cactus@hks.net | Now chemical bonds alone guard our blond(e)s, cactus@bb.com | And even the plumbing looks good." - B Fuller