Mandatory message signing
It's usually a good idea to read for at least a month before leaping into the discussion, so as not to overreact.
I guess so. :)
I thought the whole grassroots crypto thing was about protecting privacy rights and individual liberty and all that. So what if someone wants to post a message to cypherpunks AND DOES NOT WANT ANYONE TO BE ABLE TO PROVE THEY WROTE THE MESSAGE.
Mechanisms for this already exist. For example, register a PGP key to a pseudonym, such as "Dr. Death".
An advantage of doing this is that even though no one really knows who "Dr. Death" is, you can sign messages certifying that yes, the person they know as "Dr. Death" wrote this message. Without this certification, anyone can claim to be "Dr. Death" at any given moment.
Hmmm. But even with a psuedonym like that, people can still claim you were Dr. Death, and Dr. Death will have posted enough stuff about enough things so the Dr. and you can be linked fairly certainly, isn't this right? There's a reason why one should prefer the telephone over mail for many matters. That is, no one can record your call (legally) and prove that you said a certain thing at a certain time, while they can keep your letter and prove you wrote a certain thing. Honestly, the chance of someone posting a fraudulent message under someone else's email address to the cypherpunks list is pretty slim, but that possibility (or the chance that they left their computer on and someone sent something, etc.) leaves you plausible deniability if you ever want it. If one has to sign all their posts with their pgp key, or conversely with a psuedonym generated for the purpose, to me, that's beginning a dangerous practice of using the technology to invade peoples' privacy instead of expand their privacy possibilities. People who want a psuedonym identity and who want their messages to be verified against a PGP signature can easily choose to do so, presently, and if you wanted to, you could append a notice to the end of an unsigned message: NOTE: The preceding message was not accompanied by a digital signature, and its authenticity may be suspect. But I guess I just don't see why people should have to sign their messages under some given key to contribute to the group. Unless you generated and registered a new key for every message you wanted to post, there would still be unforgeable evidence linking you or your psuedonym to a series of posts. And if there was a series of posts from your psuedonym, that increases the chances it could be linked to you. And besides that, you might want to post free and clear and sign your name to it, and forget the hiding behind a psuedonym stuff. Just you don't want to sign the message digitally. This seems like a perfectly valid choice that users should have the privacy rights and freedom to make. Tom
-----BEGIN PGP SIGNED MESSAGE----- Tom Bryce writes: [BTW, welcome to the list]
Hmmm. But even with a psuedonym like that, people can still claim you were Dr. Death, and Dr. Death will have posted enough stuff about enough things so the Dr. and you can be linked fairly certainly, isn't this right?
There is a distinct danger that one can be identified, with a fairly high degree of confidence, by the characteristics of one's writing style. If one holds particularly unusual views, the content of expression may belie one's pseudonymous identity. Altering one's writing style is a nontrivial problem for AI researchers, but a human can do a decent job of it. About all one can do about one's distinguishing _opinions_ is to refrain entirely from posting under one's own name. If you think safe sex with animals (safe bestiality doesn't have the same ring to it ;) should be taught in public schools, and you've posted to that effect, you're simply stuck with the fact that hardly anyone will believe that someone else could be behind a pseudonym which shares that opinion. Basically, if you choose to identify yourself implicitly, that's your problem.
There's a reason why one should prefer the telephone over mail for many matters. That is, no one can record your call (legally) and prove that you said a certain thing at a certain time,
Hold the phone ! As I understand the law, only one party to a telephone call has to be aware of the recording for it to be perfectly legal. Someone not party to the call can't do it, but any one of the people talking can do it.
while they can keep your letter and prove you wrote a certain thing. Honestly, the chance of someone posting a fraudulent message under someone else's email address to the cypherpunks list is pretty slim,
It's happened. Allow me to weigh in on the heart of this signing requirement debate. I don't see a need at present to require dig sigs in messages to the list. I'm nobody's anarchist, but like Blanc I am uncomfortable with the idea of imposing a restriction like this on the rest of the list on principle. Meanwhile, the suggestion that the list software be adapted to verify signatures on incoming messages qualifies the entire discussion as profitable, IMHO. On the theme of transparency and standardization, I think the important thing is to develop a generally applicable patch to Majordomo to handle authentication like this. Ideally, some people would get together with Brent Chapman and incorporate authentication of signed messages in a future release of Majordomo. I'd love to volunteer for a project like this but I don't believe I can spare the time. - -L. Futplex McCarthy; PGP key by finger or server "Don't say my head was empty, when I had things to hide...." --Men at Work -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLtvqe2f7YYibNzjpAQFTsQP/eAd+nmCT+aYJ+gioyLFOz9Vsyw3THwlL UIi+57XrL+SwT+7AHga/upWy1vdos8bEKrV2XWIbaCpda5QoE/34VjfIhkYE5OZB Yq6a1uZ51wAEOV4ynwa9p65VzMMspqb4tSl7KoqiqpjBtaoCGPHsxQp2EhnOk5YM 7S+e+lmgSWA= =ltql -----END PGP SIGNATURE-----
participants (2)
-
L. McCarthy -
Tom Bryce