Re: Cypherpunk Certification Authority
On Sun, 26 Nov 1995, Perry E. Metzger wrote:
Someone spoofing Alice, who is either Detweiler or "Dr." Cohen, says:
I have never signed any of my posts to this mailing list and frankly have no intention of beginning at this point.
Well, signed Alice posts have shown up, so we will just have to assume that the above was a spoof and that the signed Alice posts are the real ones, now won't we?
Perry. Normally I try my best to ignore you. But I will simply repeat, I have never signed a post, and have no intention of beginning to sign any posts, until I establish a secure machine in a secure complex that is dedicated to that purpose. I like to think that I take my security somewhat seriously. And I would ask whoever DID post the PGP key under my name, to please issue a revocation certificate.
Perry
Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E.
Someone pretending to be Alice has said:
On Sun, 26 Nov 1995, Perry E. Metzger wrote:
Well, signed Alice posts have shown up, so we will just have to assume that the above was a spoof and that the signed Alice posts are the real ones, now won't we? [...] But I will simply repeat, I have never signed a post,
Perhaps *you* have never signed a post, but how do we know who *you* are. You could be someone we've never heard from before. Anyone could be putting the Alice de 'nonymous signature on the bottom of something they've written. The only way to know for sure is digital signatures.
And I would ask whoever DID post the PGP key under my name, to please issue a revocation certificate.
How do we know you aren't just spoofing us? .pm
| > Well, signed Alice posts have shown up, so we will just have to assume | > that the above was a spoof and that the signed Alice posts are the | > real ones, now won't we? | | Perry. Normally I try my best to ignore you. | | But I will simply repeat, I have never signed a post, and have no | intention of beginning to sign any posts, until I establish a secure | machine in a secure complex that is dedicated to that purpose. When did PGP claim to be perfect? Its not; and the point is not to obtain 100% confidence in someone, but a useable level of confidence. If the remailer chains work, then it would be tough to find out who you are. If we do find out who you are, your integrity shell will tell you that your PGP binary was tampered with. If we don't know who you are, then your machine is safe from just about anything other than a thorough sweep of all the net connected users in Canada. So, please explain the threat that causes you to think that 'pretty good' is worthless in this context. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
participants (3)
-
Adam Shostack -
anonymous-remailerï¼ shell.portal.com -
Perry E. Metzger