Re: The Market for Crypto--A Curmudgeon's View
-----BEGIN PGP SIGNED MESSAGE-----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Did anyone but me notice that Eric Hughes and Tim May have reached a consensus in the on-going debate about signed posts? Tim says, "your house, your rules" and acknowledges that Eric is the de facto boss of the list. Tim expresses no real objection to Eric's first step except in a "slippery slope" sort of way.

Personally, I'm against mandatory digital signatures as a prerequisite for posting to Cypherpunks. On the other hand, I like the idea of having the list software automatically verify digital signatures. This is a valuable service I'm usually too lazy to perform for myself.

Here's my suggestion. Eric should unilaterally impose his first step, i.e., all unsigned messages and messages with spoofed signatures will henceforth be flagged as such. Let's see what effect, if any, that has on the way people post their messages. After the protocol has been in effect for some time, we can re-open the topic for further discussion.

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLtulbk5ULTXct1IzAQERKQP/QKtfYC1MNpvxTNPeLTlxJeAcFiTrufKi
M3I0vpH3gXRDZeeL+ff/8YyRbkDgYZEOu6Si/fZuiWWZCYNmAQb22QaQ9riW6amq
ghIybvhd66i7rOntNIkcXOAGtk6rBJ8AVc3lFqmGEYBRW2p/+mATsAFaJ7Agj5K9
L9nc34T6Mb0=
=sDH7
-----END PGP SIGNATURE-----
On Tue, 29 Nov 1994, Sandy Sandfort wrote:
> Here's my suggestion. Eric should unilaterally impose his first step, i.e., all unsigned messages and messages with spoofed signatures will henceforth be flagged as such. Let's see what
Not to point out the obvious or anything, but 99% of the people on this list are intelligent enough to tell if a post is signed or not, and a spoofed sig can be one of two things: a) the actual sender trying to 'give a good impression' or 'see if anyone checks', or b) a third party trying for whatever reason to mislead people into thinking he/she is really somebody else that we know/trust.

Situation 'a'? I don't give a damn, let them do what they want. Situation 'b'? Well the person they are spoofing is likely to yell loudly that they didn't write the post in question, and also there have been many times in the past where a signed message goes by and a few hours later several people have posted 'did anyone else get a bad sig check on XXXXX ?' messages...

Why should we splatter the list with 'flagged' messages so that the small percentage of us who don't (ever) check sigs will have some way of knowing that something was signed? As my father used to say, "The lord helps those who help themselves. Let us go now and do likewise." This seems a little too much like a bit of net.welfare approaching.

Added to that, it would be easy enough to hack toad, or somewhere just 'upstream' of toad, and edit out the 'bad sig' flags from selected messages, unless toad.com signed all outgoing messages after flagging them, which considering the list volume would slow that machine down to a crawl.

All in all, I think it's too much trouble (for the list admins mostly, but also for those who wouldn't sign their posts but now feel compelled to do so) for a false sense of security.

Happy Hunting, -Chris.
______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner@primenet.com        | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------
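The mechanism Sandy proposes, and the objection Chris raises against it, can both be made concrete in code. What follows is an added example written for this archive page, not software from the Cypherpunks list or toad.com: a small Go model of list software that stamps every incoming post with a signature status (valid, invalid or unsigned) and then signs the stamped message with the list's own key, so that a 'bad sig' flag edited out somewhere upstream of the subscriber no longer verifies. Ed25519 stands in for PGP, a map of registered public keys stands in for the keyring, and the header names (X-Signature, X-Signature-Status, X-List-Signature) and addresses are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Status values the list software stamps on each relayed post (assumed names).
const (
	StatusUnsigned = "unsigned"
	StatusValid    = "valid"
	StatusInvalid  = "invalid"
)

// Message is a minimal header-plus-body model of a list post.
type Message struct {
	Headers map[string]string
	Body    string
}

// SignatureStatus checks the post body against the sender's registered key.
// A signature from an unknown sender, or one that fails to verify, is "invalid":
// the case Sandy calls a spoofed signature.
func SignatureStatus(m Message, keys map[string]ed25519.PublicKey) string {
	sig, ok := m.Headers["X-Signature"]
	if !ok {
		return StatusUnsigned
	}
	raw, err := base64.StdEncoding.DecodeString(sig)
	if err != nil {
		return StatusInvalid
	}
	pub, ok := keys[m.Headers["From"]]
	if !ok || !ed25519.Verify(pub, []byte(m.Body), raw) {
		return StatusInvalid
	}
	return StatusValid
}

// canonical is what the list signs: the status flag together with the body,
// so that removing or changing the flag downstream breaks the list signature.
func canonical(m Message) []byte {
	return []byte("X-Signature-Status: " + m.Headers["X-Signature-Status"] + "\r\n\r\n" + m.Body)
}

// Relay is the per-post work of the list: stamp the status, then sign the result.
func Relay(m Message, keys map[string]ed25519.PublicKey, listPriv ed25519.PrivateKey) Message {
	out := Message{Headers: map[string]string{}, Body: m.Body}
	for k, v := range m.Headers {
		out.Headers[k] = v
	}
	out.Headers["X-Signature-Status"] = SignatureStatus(m, keys)
	out.Headers["X-List-Signature"] = base64.StdEncoding.EncodeToString(ed25519.Sign(listPriv, canonical(out)))
	return out
}

// VerifyRelay is the subscriber-side check that the flag arrived as the list set it.
func VerifyRelay(m Message, listPub ed25519.PublicKey) bool {
	raw, err := base64.StdEncoding.DecodeString(m.Headers["X-List-Signature"])
	if err != nil {
		return false
	}
	return ed25519.Verify(listPub, canonical(m), raw)
}

// Demo runs a constructed scenario: one registered sender, a genuine post, an
// unsigned post, and a post signed with somebody else's key. It returns the
// three stamped statuses and whether a flag rewritten in transit is caught.
func Demo() ([]string, bool, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader) // key not registered with the list
	if err != nil {
		return nil, false, err
	}
	listPub, listPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, false, err
	}
	keys := map[string]ed25519.PublicKey{"alice@example.org": alicePub}
	sign := func(priv ed25519.PrivateKey, body string) string {
		return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(body)))
	}
	posts := []Message{
		{Headers: map[string]string{"From": "alice@example.org", "X-Signature": sign(alicePriv, "signed post")}, Body: "signed post"},
		{Headers: map[string]string{"From": "alice@example.org"}, Body: "unsigned post"},
		{Headers: map[string]string{"From": "alice@example.org", "X-Signature": sign(malloryPriv, "spoofed post")}, Body: "spoofed post"},
	}
	var statuses []string
	for _, p := range posts {
		statuses = append(statuses, Relay(p, keys, listPriv).Headers["X-Signature-Status"])
	}
	// Somebody between the list and the subscriber rewrites the flag on the spoofed post.
	relayed := Relay(posts[2], keys, listPriv)
	relayed.Headers["X-Signature-Status"] = StatusValid
	return statuses, !VerifyRelay(relayed, listPub), nil
}

func main() {
	statuses, caught, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("statuses:", statuses, "tampering caught:", caught)
}
```

The design point is that the list's signature covers the flag as well as the body; a flag alone is only an assertion by whoever last touched the message. The cost Chris worries about is one signature per relayed post, which with a modern scheme like Ed25519 is negligible, though whether that held for PGP 2.6 on a 1994 list host is a separate question the thread does not settle.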
-----BEGIN PGP SIGNED MESSAGE-----

<Stay-Puft Marshmallow Man Endangerment mode _engaged_, for the first time in a while>

Christian Douglas Odhner writes:
> Why should we splatter the list with 'flagged' messages
It's entirely unclear to me how adding a line or two to the header of each list message could possibly be construed as splattering anything. At least, I didn't see any mention of the scheme involving mailing of form letter advisories to the list for each invalid dig sig, accompanied by an increase in DEFCON.
> so that the small percentage of us who don't (ever) check sigs
              ~~~~~~~~~~~~~~~~

What's your evidence for this ? I'm inclined to doubt this, but I can't see any empirical point to which anyone could point.

> will have some way of knowing that something was signed? As my father used to say, "The lord helps those who help themselves. Let us go now and do likewise."
(I would have been out the door within the first few words. YMMV. ;)
> This seems a little too much like a bit of net.welfare approaching.
Oh, puhleeeze ! I sincerely hope that was sarcastic, but I don't believe it was. Automated checking of digital signatures by mailing list management software constitutes a form of *welfare* in your book ???

Why should we be so pampered with an automated mailing list, anyway ? If we were really K00L, we'd have to pursue the list traffic actively on the net, ideally with a homemade packet sniffer. If you can't design and build your car from scratch, you shouldn't be allowed to drive it. Oh, you must have stress-tested the parts yourself, too.
> Added to that, it would be easy enough to hack toad, or somewhere just 'upstream' of toad, and edit out the 'bad sig' flags from selected messages,
Feel free to be an 3L33T HAK'R D00D, but I'll cheerfully middle-digit you if you try to tell me I have to code everything in assembly language.
> All in all, I think it's too much trouble (for the list admins mostly,
Eric, the list admin, seems to be by far the most enthusiastic campaigner for this plan to date. [...]
> for a false sense of security.
Are you saying you know a convenient way to forge, say, PGP signatures ? If not, I don't understand your claim here.

<Stay-Puft Marshmallow Man Endangerment mode _disengaged_>

Personal anecdote time: I've been trying to promote the use of dig sigs at my site. I happen to be in charge of sending a broadcast message each Monday morning to announce the dept.'s official weekly coffee rendezvous. I pretty much have carte blanche w.r.t. the content of the messages, which means I have to restrain myself mightily from ramming my foot down my own throat. Anyway, when I started PGP-signing all my mail a few weeks ago, I naturally began to sign these broadcast messages. Sure enough, I've received more feedback and curious queries about the signatures than anything else I've ever written. The short point of this overlong narrative is that leading by example can have a significant effect, and shouldn't be dismissed lightly as a means of raising crypto awareness.

Reiterating, I eagerly support the notion of automatic dig sig validation by the list software. Right now, I'd mostly like to see an end to this torrent of meta-mail on the list about delaying unsigned messages. Perhaps we could delay all messages *about* delaying unsigned messages ;}

- -L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLtyEdmf7YYibNzjpAQEo6wQA3GCqJ+iy9TDajUvTjW5NG0qbZnHNI0fb
wAJwjE/QNhsplbJjUq98X+/RWCCiuMggSqAWvjoDjqqrQuzHls0am19hybd+JX5u
2xiodRwK1yChRujaARbSkW5gR4piltbqtPtJ5Pzh17s+ySNGOi9/G077jISpLHHW
oYeXmVXNjaI=
=oFg6
-----END PGP SIGNATURE-----
From: "L. McCarthy" <lmccarth@ducie.cs.umass.edu>

> Personal anecdote time: I've been trying to promote the use of dig sigs at my site. [...] The short point of this overlong narrative is that leading by example can have a significant effect, and shouldn't be dismissed lightly as a means of raising crypto awareness.

This is exactly the kind of communication I want to promote. Communication by allowing others to observe your actions can be far more powerful than abstract arguments in favor of that action.

Eric
Participants (5):
- Christian Odhner
- eric@remailer.net
- L. McCarthy
- Sandy Sandfort
- W. Kinney