On Tue, 29 Nov 1994, Sandy Sandfort wrote:
Here's my suggestion. Eric should unilaterally impose his first step, i.e., all unsigned messages and messages with spoofed signatures will henceforth be flagged as such. Let's see what
Not to point out the obvious or anything, but 99% of the people on this list are inteligent enough to tell if a post is signed or not, and a spoofed sig can be one of two things: a) the actual sender trying to 'give a good impression' or 'see if anyone checks', or b) a third party trying for whatever reason to mislead people into thinking he/she is really somebody else that we know/trust. Situation 'a'? I don't give a damn, let them do what they want. Situation 'b'? Well the person they are spoofing is likely to yell loudly that they didn't write the post in question, and also there have been many times in the past where a signed message goes by and a few hours later several people have posted 'did anyone else get a bad sig check on XXXXX ?' messages... Why should we splater the list with 'flagged' messages so that the small percentage of us who don't (ever) check sigs will have some way of knowing that something was signed? As my father used to say, "The lord helps those who help themselves. Let us go now and do likewise." This seems a little too much like a bit of net.welfare approaching. Added to that, it would be easy enough to hack toad, or somewhere just 'upstream' of toad, and edit out the 'bad sig' flags from selected messages, unless toad.com signed all outgoing messages after flagging them, which considering the list volume would slow that machine down to a crawl. All in all, I think it's too much trouble (for the list admins mostly, but also for those who wouldn't sign their posts but now feel compelled to do so) for a false sense of security. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner@primenet.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------