EFF gun-shy of legally employing PGP

Anonymous nowhere at bsu-cs.bsu.edu
Thu Mar 17 09:15:17 PST 1994

Newsgroups: alt.2600,comp.org.eff.talk
From: grady at netcom.com (Grady Ward)
Subject: Re: "Porn Press Release" from EFF is a Hoax
Message-ID: <gradyCMtHxp.M6L at netcom.com>
Followup-To: alt.2600,comp.org.eff.talk
Organization: Moby lexical databases
X-Newsreader: TIN [version 1.2 PL1]
References: <CMI2AL.uAD at sernews.raleigh.ibm.com> <2m2mou$mp1 at eff.org> <1994Mar15.170955.21185 at nntpd2.cxo.dec.com> <2m5p3f$gt4 at agate.berkeley.edu>
Distribution: inet
Date: Thu, 17 Mar 1994 16:32:13 GMT
Lines: 78

Steve Pope (spp at zabriskie.eecs.berkeley.edu) wrote:
: page at solvit.enet.dec.com (My name is...) writes:

: > Yes, but the point of the reply, is that PGP signatures SHOULD
: > be used by sysops.

: Hmmm... why PGP, as opposed to the FIPS Digital Signature Standard?

: Is the latter not in place yet?

Yes, you can use the DSS (unless it is given away to PK partners, that is).

The importance of using PGP or another strong privately developed crypto
is that it supports the industry rather than relies upon the government.

But since Mr Godwin has answered the question to his satisfaction and is not
responding to further questions, I guess we will never know the real reason
why the EFF will not use PGP to digitally sign press releases.

Apparently Mr Godwin chooses not to be responsive to the EFF membership with
respect to this issue. He only has said that sysops don't use PGP so rumors
would not be quashed anyway. From a person of his intelligence this is about 
the lamest reason I've heard.

Let me see if I can speculate on the real reaons the EFF may not choose to 
use PGP to sign press releases:

(0) Using PGP would be provocative to the very powers we seek to infiltrate
[ViaCrypt PGP is perfectly legal and fully licensed.]

(1) There is not a problem with authenticity.
[This must be false, otherwise Mr Godwin wouldn't have begun this thread]

(2) Signing with PGP is not effective.
[false; MD5 and RSA have no known weaknesses]

(3) Signing with PGP is too hard or would take too much time
[false, perfect for irregular press releases]

(4) PGP signatures take too much bandwidth.
[false, again perfect for the mmoderate to longer press releases]

(5) Sysops don't use PGP, rumors would spread anyway
[Sysops might begin with suitable leadership; the signature of course
could be ignored and the rumor spread anyway -- but if there *were*
a question of authenticity an individual could check the authenticity
without needing to log on to EFF's server or needing to personally 
contact an EFF official]

(6) Signatures make the press release harder to read
[false, a single line at the beginning and a block of lines at the end
are added, none of the body is changed in any way]

(7) We are journalists and attorneys, not nose-picking nerds

(8) We are journalists and attorneys, this might expose up to greater
liability and less 'deniability'.

(9) We just defend these 'PGP' and 'BBS' people.  We don't actually
want to ASSOCIATE with them more than we have to.  Cooties. 

(10) The EFF does not have to explain its actions or inactions to anyone.

While Sternlight is merely annoying, and sometimes entertaining, EFFs
lack of dialogue on this leadership opportunity supporting private
crypto signatures is very, very disappointing.
Grady Ward             | +1 707 826 7715  | finger grady at netcom.com for free
3449 Martha Ct.        | (voice/24hr FAX) | Moby lexicon brochure & samples
Arcata, CA  95521-4884 | 15E2ADD3D1C6F3FC | KN6JR monitoring 14.178 & 14.237
USA                    | 58ACF73D4F011E2F | 1800 UTC - 2000 UTC daily

More information about the cypherpunks-legacy mailing list