Shouldn't "toad" messages be signed?
---BEGIN PGP SIGNED MESSAGE--- This message originates at "toad.com" and is hereby signed by the Cypherpunks Signature Authority: ---BEGIN PGP SIGNED MESSAGE--- It seems clear to me that by the logic of this thread, *all* messages passing through toad to us should naturally be _signed_. After all, how do we know if an "approved" message has indeed passed through toad? Someone else could be spoofing the account. If we are to place additional trust in toad.com, via the proposed checking of sigs, then toad itself should sign all messages! This will produce nested sigs, as I attempted to illustrate above (apologies if I got the precise syntax wrong). And (at least) two full sig blocks at the bottom (not illustrated here). At the least, short messages will become quite a bit longer. And will today's tools allow easy extraction of first the toad sig, then the enclosed sig? Seems to me that if Eric wants to start encouraging use of sigs, that a good first start would be for toad to sign all messages. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
From: tcmay@netcom.com (Timothy C. May) It seems clear to me that by the logic of this thread, *all* messages passing through toad to us should naturally be _signed_. Perhaps someone else's logic. Not mine. I'm not talking about putting cryptographic material on toad. There are not only key distribution problems (for sig checking) but also security problems (for sig making). I've stated clearly two or three times now that I was planning to use syntactic and not cryptographic recognition. After all, how do we know if an "approved" message has indeed passed through toad? Someone else could be spoofing the account. This is specious. The server exists as a communication mechanism, not as an authentication mechanism. Were the list restricted, either in acceptance or in transmission, it would have authentication properties. It's not, and it doesn't. This will produce nested sigs, as I attempted to illustrate above (apologies if I got the precise syntax wrong). The precise syntax doesn't matter. The nesting problem is a weakness in PGP, which can't add on a second signature to the block at the bottom of a clearsigned message. And will today's tools allow easy extraction of first the toad sig, then the enclosed sig? I doubt it. On the other hand, my original proposal was to encourage the _making_ of signatures, not their checking. If you insist that my proposal includes checking as a basic element, you'll be arguing against a straw man. Seems to me that if Eric wants to start encouraging use of sigs, that a good first start would be for toad to sign all messages. What Eric wants to very specifically encourage is the making of signatures on outgoing posts. Anything else is a bonus, not a premise to find inconsistency in. Eric
participants (2)
-
eric@remailer.net -
tcmay@netcom.com