Key Servers

Mark W. Eichin eichin at paycheck.cygnus.com
Thu Nov 18 00:54:28 PST 1993


"MR EICHIN"? gee, last time I saw my name written that way (all caps,
no punctuation on the abbreviation) was from a direct mailing database
program. I half expected to see it followed by "You may have already
won" :-) Before I continue, I'd like to indicate that I find this
discussion interesting, which is why I'm continuing to cc you, Mr.
Detweiler; however, if you'd rather I didn't continue, please let me
know.

But enough of that. Please tell me, MR LD231782, if whomever you got
your Internet email server from ever informed you that the email
addresses might have *nothing* to do with the names they claimed to
be? Malicious or otherwise? [To be fair, *my* network provider actually
does have some intro documentation that explains how insecure email
actually is... but they're unusual in other ways.] The point I'm
trying to make is that the Keyserver is no more guilty for not
mentioning it than your email provider is. Perhaps this is because
they are both assuming (perhaps incorrectly) that you cannot base
trust on machinery. Machinery might help propagate existing trust...
but the trust must start with the people involved (and by that I mean
the entities themselves, *not* the service maintainers.) In case it
wasn't clear, I'm just responding to your point:
 >> why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in
 >> KEYSERVER POLICY DOCUMENTS?
in reference to the "policy documents" of everything else on the net.

For that matter, do you care that if you saw one message in Time
Magazine, you might see a similar message in an statement from Warner
Cable[*], or a number of related places -- because they're all owned by
the same conglomerate? Forget Medusa. Think Warner, Beatrice, TCI, and
other big meta-everything companies, who only *look* like distinct
"individuals" (corporations are individuals in the eyes of the law,
enabled by one of the later amendments...) while in fact they're only
really "tentacles" of a bigger one? 

[*] I attempt to use the subjunctive here to make a point, not to
claim any actual behaviour of Time-Warner Inc. There are better
examples of this sort of thing anyhow. Sorry I don't have any handy
that are documented well enough...

(Actually, doesn't the FCC already have something to say about this?
something like you can do it as long as you don't own *all* of the
media in an area, but several of each is ok?)

There was a long discussion on another mailing list (with only a
slightly higher S/N than this one, but far more politics, as the vocal
membership includes employees of NSF, CIA, ANS, IBM, STD and other
TLA's :-) about someone who was posting from an address in their name
representing a political project from an educational site. Someone
else was curious about this, and contacted the postmaster. They
contacted the account owner, and had some time of figuring out what
was going on... turns out it was the *reverse* of PSEUDOSPOOFING,
namely, there was one account with *several* true names behind it. (It
was "exposed" because they didn't "keep their stories consistent" or
something like that.)

Now, do you find this reverse-PSEUDOSPOOFING (I leave the upper case
letters since I've never seen the world spelled without them)
objectionable as well? I'm not trying to set up a semantic trap here
or anything, I'm just trying to understand the bounds of the issue,
and get some idea what you see as ok, and what you see as
"flabbergasting." I reject the idea that just because you perceive
something that "many people might" perceive it the same way... so
please don't try to generalize, just let me know what *you* think.
Thanks.
				_Mark_ <eichin at paycheck.cygnus.com>
				... or at least I might be...







More information about the cypherpunks-legacy mailing list