"MR EICHIN"? gee, last time I saw my name written that way (all caps, no punctuation on the abbreviation) was from a direct mailing database program. I half expected to see it followed by "You may have already won" :-) Before I continue, I'd like to indicate that I find this discussion interesting, which is why I'm continuing to cc you, Mr. Detweiler; however, if you'd rather I didn't continue, please let me know. But enough of that. Please tell me, MR LD231782, if whomever you got your Internet email server from ever informed you that the email addresses might have *nothing* to do with the names they claimed to be? Malicious or otherwise? [To be fair, *my* network provider actually does have some intro documentation that explains how insecure email actually is... but they're unusual in other ways.] The point I'm trying to make is that the Keyserver is no more guilty for not mentioning it than your email provider is. Perhaps this is because they are both assuming (perhaps incorrectly) that you cannot base trust on machinery. Machinery might help propagate existing trust... but the trust must start with the people involved (and by that I mean the entities themselves, *not* the service maintainers.) In case it wasn't clear, I'm just responding to your point:
why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in KEYSERVER POLICY DOCUMENTS? in reference to the "policy documents" of everything else on the net.
For that matter, do you care that if you saw one message in Time Magazine, you might see a similar message in an statement from Warner Cable[*], or a number of related places -- because they're all owned by the same conglomerate? Forget Medusa. Think Warner, Beatrice, TCI, and other big meta-everything companies, who only *look* like distinct "individuals" (corporations are individuals in the eyes of the law, enabled by one of the later amendments...) while in fact they're only really "tentacles" of a bigger one? [*] I attempt to use the subjunctive here to make a point, not to claim any actual behaviour of Time-Warner Inc. There are better examples of this sort of thing anyhow. Sorry I don't have any handy that are documented well enough... (Actually, doesn't the FCC already have something to say about this? something like you can do it as long as you don't own *all* of the media in an area, but several of each is ok?) There was a long discussion on another mailing list (with only a slightly higher S/N than this one, but far more politics, as the vocal membership includes employees of NSF, CIA, ANS, IBM, STD and other TLA's :-) about someone who was posting from an address in their name representing a political project from an educational site. Someone else was curious about this, and contacted the postmaster. They contacted the account owner, and had some time of figuring out what was going on... turns out it was the *reverse* of PSEUDOSPOOFING, namely, there was one account with *several* true names behind it. (It was "exposed" because they didn't "keep their stories consistent" or something like that.) Now, do you find this reverse-PSEUDOSPOOFING (I leave the upper case letters since I've never seen the world spelled without them) objectionable as well? I'm not trying to set up a semantic trap here or anything, I'm just trying to understand the bounds of the issue, and get some idea what you see as ok, and what you see as "flabbergasting." I reject the idea that just because you perceive something that "many people might" perceive it the same way... so please don't try to generalize, just let me know what *you* think. Thanks. _Mark_ <eichin@paycheck.cygnus.com> ... or at least I might be...