Authentication at toad.com: WTF?
Does the idea of having the list software check signatures strike anybody else as a Bad Idea? Signatures should be checked locally by the recipient -- otherwise one might as well ask the sender to include a statement stating whether or not a message is authentic and should be believed. I wouldn't want to see cypherpunks being used to propogate this false security -- majordomo can no more be trusted, as an external agent, than a message's sender.
L. Todd Masco wrote:
Does the idea of having the list software check signatures strike anybody else as a Bad Idea? Signatures should be checked locally by the recipient -- otherwise one might as well ask the sender to include a statement stating whether or not a message is authentic and should be believed. I wouldn't want to see cypherpunks being used to propogate this false security -- majordomo can no more be trusted, as an external agent, than a message's sender.
I absolutely agree. Having a central "Signing Authority" (analogies with Turing Authority?) is a step backward. Single-point failures and all that, vs. the distributed, end-user, local process. If the intent of a "Compelled Signature" (tm) policy is to get people used to signing messages, why not get them used to _verifying_ sigs as well? (I suspect fewer than 1% of all messages have their sigs checked.) Very loosely speaking--and with no imputations of motives, ideology, natch--such a central signing authority could play into the hands of those on the Net today who are talking about forcing all Net users to "identify themselves" clearly. Imagine the P.R. value to these Net.Cops: "But even the Cypherpunks require all posts to be signed!." I say we stick to the anarchy which has worked so well. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
From: "Timothy C. May" <tcmay@netcom.com> Date: Wed, 30 Nov 1994 13:14:36 -0800 (PST) I suspect fewer than 1% of all messages have their sigs checked. What do you mean? If you mean that fewer than 1% of the signed messages that are sent to cypherpunks, you're almost certainly incorrect. I read over 1% of the messages on this list and if a message is signed, with either a header signature or a big-ugly-block signature, it's checked before I get to read it. If you count seperate deliveries as seperate messages then you're almost certainly correct, although it seems like an uninteresting data point. If you're talking about clear-signed messages sent to the net as a whole rather than just this list, I think it's an interesting question, but I can't imagine what you're basing your suspicion on. Rick
From: tcmay@netcom.com (Timothy C. May) If the intent of a "Compelled Signature" (tm) policy [...] Putting it in quotes doesn't prevent it from being a misrepresentation. Are you saying that adding notifications and delays is compulsion, or not? [...] is to get people used to signing messages, why not get them used to _verifying_ sigs as well? If the crypto hooks are there for sending mail, you're more than halfway there for receiving mail. And yes, this is also something to encourage. Your argument can be construed to say that since I can't encourage signature checking, that I should add that to my list of requirements. I've been pretty vocal about my desire for partial benefit short of what is possible. If server actions don't help signature checking, OK, well then, they don't, ca va. Imagine the P.R. value to these Net.Cops: "But even the Cypherpunks require all posts to be signed!." If the net cops are going to acknowledge a merit in a cypherpunks position, I say let them. The opportunity to educate the other listeners that signatures are not the same as personal identity is an opportunity not to be missed, especially when your opponent hands it to you. Eric
Eric Hughes wrote:
From: tcmay@netcom.com (Timothy C. May)
If the intent of a "Compelled Signature" (tm) policy [...]
Putting it in quotes doesn't prevent it from being a misrepresentation.
Are you saying that adding notifications and delays is compulsion, or not?
First of all, I am generally commenting on this: "I am still considering the "sign-or-delay" proposal for the toad.com server, that is, sign your articles to the list or they'll be delayed and eventually rejected." [Eric Hughes, 1994-11-28] "Eventually rejected" mean to me that unsigned messages will not be passed through to the list. I call this a "compelled signature" in that the signature is compulsory, not optional. (We hopefully can avoid splitting semantic hairs about what "compelled" or "compulsory" means. A Driver's License is compulsory to drive, though one is free not to drive. If the "eventually rejected" situation is reached, then a digital sig is compelled in this sense; that one is free to leave the list or not to write posts does not significantly change this compulsory or compelled nature.)
Imagine the P.R. value to these Net.Cops: "But even the Cypherpunks require all posts to be signed!."
If the net cops are going to acknowledge a merit in a cypherpunks position, I say let them. The opportunity to educate the other listeners that signatures are not the same as personal identity is an opportunity not to be missed, especially when your opponent hands it to you.
I strongly disagree with this. If a "Cypherpunks position" happens to be wrong (as many of us think is the case with this "sign your posts or face delay an, eventually, rejection")), then it is not automatically good that Net.Cops see it and respond to it. I say a system which sets up a person or site as arbiter of what is signed and what is not is counterproductive to our goals. It plays into the hands of those who wish to ban anonymous posts. (Clearly I am not saying that the Hughes proposal is a plane to ban anonymous posts, only that the "all posts should be signed" notion is very similar to Net.Cop proposals to associate all posts with personal identity. That the latest explication of the Hughes proposal says that the emphasis will be on _syntactic_ checking, and not actual verification, is a subtlety far beyond the Net.Cops who want real Signature Authorities to validate Citizen-Units messages.) In other messages this morning I have made my points about user-to-user verification being what is important. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
From: tcmay@netcom.com (Timothy C. May) First of all, I am generally commenting on this: "I am still considering the "sign-or-delay" proposal for the toad.com server, that is, sign your articles to the list or they'll be delayed and eventually rejected." [Eric Hughes, 1994-11-28] Tim, I've not been referring to that exact proposal for some time now. In very specific detail, I have dropped the premise that they might be rejected. This happened almost immediately after this recent discussion began. I wanted to restrict discussion to what might be implemented first to avoid the (alas, unavoided) less than productive discussions about what could happen later. Was I insufficiently clear that I was now discussing a smaller proposal? What I see is that you are refusing (by omission) to address the subject at hand. I see a direct, if not intentional, effort to address something that is not what I have been talking about. "Eventually rejected" mean to me that unsigned messages will not be passed through to the list. I call this a "compelled signature" in that the signature is compulsory, not optional. This is all well and good, but it is on a different but related subject. I ask again the quetion that I specifically asked before. I'll even not abbreviate to be clear that I'm actually asking for two things. Does a marking action by the server create a compulsion to sign? Does a delay action by the server create a compulsion to sign? Eric
From: "L. Todd Masco" <cactus@hks.net> Does the idea of having the list software check signatures strike anybody else as a Bad Idea? You mean, like the proposer (me)? I think it _would_ be a bad idea to have the server check all signatures, and I said so last night. That's why I only plan on doing syntactic checks. Steve Witham understands this. Steve, didn't you used to fake all of your sigs, from the last time this got discussed? Eric
In article <199412010019.QAA11912@largo.remailer.net>, Eric Hughes <eric@remailer.net> wrote:
From: "L. Todd Masco" <cactus@hks.net>
Does the idea of having the list software check signatures strike anybody else as a Bad Idea?
You mean, like the proposer (me)?
Sorry, I wasn't implying that you liked the idea: there are others on the list who've been advocating this. -- Todd Masco | "Roam home to a dome, Where Georgian and Gothic once stood cactus@hks.net | Now chemical bonds alone guard our blond(e)s, cactus@bb.com | And even the plumbing looks good." - B Fuller
participants (5)
-
cactus@bb.hks.net -
eric@remailer.net -
L. Todd Masco -
Rick Busdiecker -
tcmay@netcom.com