L. Todd Masco wrote:
Does the idea of having the list software check signatures strike anybody else as a Bad Idea? Signatures should be checked locally by the recipient -- otherwise one might as well ask the sender to include a statement stating whether or not a message is authentic and should be believed. I wouldn't want to see cypherpunks being used to propogate this false security -- majordomo can no more be trusted, as an external agent, than a message's sender.
I absolutely agree. Having a central "Signing Authority" (analogies with Turing Authority?) is a step backward. Single-point failures and all that, vs. the distributed, end-user, local process. If the intent of a "Compelled Signature" (tm) policy is to get people used to signing messages, why not get them used to _verifying_ sigs as well? (I suspect fewer than 1% of all messages have their sigs checked.) Very loosely speaking--and with no imputations of motives, ideology, natch--such a central signing authority could play into the hands of those on the Net today who are talking about forcing all Net users to "identify themselves" clearly. Imagine the P.R. value to these Net.Cops: "But even the Cypherpunks require all posts to be signed!." I say we stick to the anarchy which has worked so well. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay