Re: Bad Signatures

At 3:12 PM 6/22/96, geoff wrote:
> I am not convinced. For a mailing list it makes sense for all members to be aware of message integrity problems. Not all cypherpunks have your Lisp package or Pronto Secure which make signature verification of the 10-20 PGP-signed messages per day on the list a non-trivial task.
>
> I also like the idea that cpunks provides as a byproduct a platform for developers to test and debug their security products. We really should be getting the bugs out of plain text signatures. You cannot expect Joe User to differentiate between an intruder and a gateway massaging the message.
>
> Geoff Klein
> Pronto Secure Product Manager

Trusting others to perform cryptographic functions (encryption, decryption, signing, signature verification, etc.) is counter to the usual notions of security.

Of course, people are free to ask others to do cryptographic functions for them, to tell them which signatures are valid, and which are not. It's a free society, after all.

However, I think there's already enough traffic on this list without having "bounce" messages chastising folks for having signatures that for one reason or another failed their tests. (Could be munging at _their_ end, for example.)

Those who want to compile lists of "bad signatures," as determined by their tests, could include a pointer to a URL at their site which says something like "A list of suspected bad or improperly-formed signatures may be found at hyyp://www.key-trust.org"

This heads off having a message with a bad sig generating N more messages to the list announcing some conclusion or another about the sig. Not something we need.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."