I've been following the dig sig fracas with great interest. While I can see merit in both sides, the pro-sig argument is weakened by their endorsement of sig spoofing. If the object is to heighten awareness of crypto and digital signatures, what possible Good can follow from setting the example that "cypherpunks simulate signatures"? The way I see it, either sign or don't sign, but attaching a bogus signature block to a message for the sole purpose of pacifying a mailing list requirement diminishes the significance of crypto and sullies the image of all who participate. If sigs are required, then valid sigs should be required. Make a new key pair that's used solely for the purpose of signing your list mailings. Any resulting damage to reputations or egos signed by a pilfered low security key would be no more significant than a forged message left unsigned. By the same token, I don't see how this proposal does much to spread the Good Word. Maybe the sole intent is for the participants to share in the warm, fuzzy feelings of "doing their part". Like flying a kite for peace or dumping red paint on an already-dead furry animal carcass, the primary goal of promoting the proper use of crypto seems less important here than the _perception_ of promoting it. Not everything that feels good is good for you. =D.C. Williams <dcwill@ee.unr.edu>