Re: Signed, anonymous...(was Re: Getting Bush...)
on Tue, Sep 25, 2001 at 02:22:25PM -0700, Meyer Wolfsheim (wolf@priori.net) wrote:
On Tue, 25 Sep 2001, Karsten M. Self wrote:
Future verifiability?
The thought crossed my mind.
This has been discussed multiple times. Tim just mentioned another obvious reason: the key may be held by certain individual readers of the list, but not the public in general. (Not likely to be the case in this particular instance, because of Hushmail's problems, but certainly a valid reason.) Signed messages can become a liability. Why provide potentially dangerous information to those who do not need it?
I suppose this has also been discussed, but if anyone has a favorite compelling argument I'd be interested in seeing it.
Someone got cluesticks for me WRT cypherpunks list protocol, and/or the cypherpunks listmanager WRT RFC 2015?
Cluesticks for you WRT mailing lists in general: don't use PGP/MIME. (Hint: try to verify a PGP/MIME signed message in a web archive.
Several Web archives include signatures. Checking, e.g.:, debian-user, I found I couldn't validate my own posts. However, archives in mbox format with full text of mail as received should work. I can think of several compelling arguments for supporting signed list messages, should the sender wish to sign. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html [demime 0.97c removed an attachment of type application/pgp-signature]
On Tue, 25 Sep 2001, Karsten M. Self wrote:
I suppose this has also been discussed, but if anyone has a favorite compelling argument I'd be interested in seeing it.
Check the archives for such discussions.
Several Web archives include signatures. Checking, e.g.:, debian-user, I found I couldn't validate my own posts. However, archives in mbox format with full text of mail as received should work.
Most archives don't work that way. You will not be able to verify PGP/MIME messages in the majority of web archives available, nor will you be able to verify them with the majority of email clients available.
I can think of several compelling arguments for supporting signed list messages, should the sender wish to sign.
Certainly. However, those people should use RFC 2440 signed messages, not 2015. This was discussed extensively on this list sometime in the past year, so I was not going to go into it again. If you're still confused on the topic, you can read the past discussions. For instance: Tim May <tcmay@got.net> wrote:
If messages are signed, great care should be taken to ensure that the signatures do not in any way interfere with the normal presentation of good old ASCII text, the lingua franca of the online world.
Declan McCullagh <declan@well.com> wrote:
But there seems to be little benefit to (a) signing messages, though this admittedly a personal issue and (b) using MIME types when some mailreaders will not support them. Heck, even leaving aside the Eudora problem, MIME attachments would pose problems if I want to use /bin/mail in a pinch.
petro <petro@bounty.org> wrote:
Of course, [Mutt] doesn't play well with others, but that's common.
You can read the entire tread here: http://www.inet-one.com/cypherpunks/dir.2000.12.04-2000.12.10/msg00006.html (I found it in about 30 seconds with google.)
[demime 0.97c removed an attachment of type application/pgp-signature]
Snicker. -MW-
participants (2)
-
Karsten M. Self -
Meyer Wolfsheim