Re: Signed, anonymous...(was Re: Getting Bush...)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 on Tue, Sep 25, 2001 at 12:40:14PM -0700, Meyer Wolfsheim (wolf@priori.net) wrote:
On Tue, 25 Sep 2001, Karsten M. Self wrote:
Might I ask what the purpose of utilizing hushmail, signing a message, and not having publicly available keys, is?
Future verifiability?
The thought crossed my mind.
It currently isn't possible to publish public Hushmail keys, or import your own.
[demime 0.97c removed an attachment of type application/pgp-signature]
Might I ask what the purpose of signing a message, and sending it to a public list, in a format that causes list software to remove the signature is?
Someone got cluesticks for me WRT cypherpunks list protocol, and/or the cypherpunks listmanager WRT RFC 2015? - -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7sOvvOEeIn1XyubARAmVFAJ91MLY+RZRBeDmuc6FIlEpnuYRwkgCfe34U tT5rsEpFnaxcRvGoJzoah24= =J9Yj -----END PGP SIGNATURE-----
On Tue, 25 Sep 2001, Karsten M. Self wrote:
Future verifiability?
The thought crossed my mind.
This has been discussed multiple times. Tim just mentioned another obvious reason: the key may be held by certain individual readers of the list, but not the public in general. (Not likely to be the case in this particular instance, because of Hushmail's problems, but certainly a valid reason.) Signed messages can become a liability. Why provide potentially dangerous information to those who do not need it?
Someone got cluesticks for me WRT cypherpunks list protocol, and/or the cypherpunks listmanager WRT RFC 2015?
Cluesticks for you WRT mailing lists in general: don't use PGP/MIME. (Hint: try to verify a PGP/MIME signed message in a web archive. Or try to verify it with NAI's Outlook plugin. Or any number of other normally PGP-aware apps. Again, this has been discussed numerous times before.) History will set you free, grasshopper. http://www.inet-one.com/cypherpunks -MW-
On Tue, Sep 25, 2001 at 01:41:24PM -0700, Karsten M. Self wrote:
[demime 0.97c removed an attachment of type application/pgp-signature]
Might I ask what the purpose of signing a message, and sending it to a public list, in a format that causes list software to remove the signature is?
Someone got cluesticks for me WRT cypherpunks list protocol, and/or the cypherpunks listmanager WRT RFC 2015?
Demime eats application/pgp-signature. Configuring it not to is non-trivial, but it's on my list of stuff to do (right after "get a life", so it might be a while...). Until then, or I give up on demime and throw it out, the old-style PGP sigs still work, as you showed. Only the lne CDR uses demime. Eric
participants (3)
-
Eric Murray
-
Karsten M. Self
-
Meyer Wolfsheim