-----BEGIN PGP SIGNED MESSAGE----- On Tue, 28 Nov 1995, an impostor posing as Alice de 'nonymous wrote:
On Sun, 26 Nov 1995, Perry E. Metzger wrote:
Someone spoofing Alice, who is either Detweiler or "Dr." Cohen, says:
I have never signed any of my posts to this mailing list and frankly have no intention of beginning at this point.
Well, signed Alice posts have shown up, so we will just have to assume that the above was a spoof and that the signed Alice posts are the real ones, now won't we?
Perry. Normally I try my best to ignore you.
But I will simply repeat, I have never signed a post, and have no intention of beginning to sign any posts, until I establish a secure machine in a secure complex that is dedicated to that purpose.
This insistence on not making use of authentication tools at the same time as whining about people spoofing you is what caused me to assume your identity. You were given ample warning. Consider it a demonstration of why you should do just what you are stubbornly refusing to do: generate yourself a damn key! It is the best way to ensure a persistent persona whilst retaining anonymity.
I like to think that I take my security somewhat seriously.
For a purportedly security conscious impostor, you sure are reluctant to make use of simple authentication tools. Your risk assesment is seriously out of whack too. You do *not* need a secure machine to improve the level of authentication of your posts: signing your posts would provide better authentication than no authentication, even if the machine is not tempest shielded, nor in a secure installation. Finding your machine (we don't know remember), and installing a kernel patch to catch your passphrase as it is typed in, or snag it from PGPs core image is much harder to achieve, even if you are using a multi user system. PGP signing your post will give a much better authentication than people who post from known email addresses; forgeries, and machine breakins are not that hard to effect.
And I would ask whoever DID post the PGP key under my name, to please issue a revocation certificate.
Oh so you do care about authentication :-) An offer: you post your own key, and I'll post a revocation. You might find that people take you more seriously once they know they are talking to a persistent persona. Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMLsT3obu8OQjKS7RAQE62gQAoTxWo6Dipa1bZeNi5NygZ/9CLJ2pn44s KN2TFWY0n1KPC4tibEM88GOI7vHCCLE8t/XQ2zx5YArjd/7toCidAlUY07vQ6ums sL4J8oV4JDKdpq9WTWaTS/unBww8qBJRVDBHigtiOneIkmu6kfuBEh0JR+a5plfQ 00GQ4SfcyBk= =SAXZ -----END PGP SIGNATURE-----