Mandatory message signing

Tue Nov 29 18:59:25 PST 1994

-----BEGIN PGP SIGNED MESSAGE-----

Tom Bryce writes:
[BTW, welcome to the list]
> Hmmm. But even with a psuedonym like that, people can still claim you were
> Dr. Death, and Dr. Death will have posted enough stuff about enough
> things so the Dr. and you can be linked fairly certainly, isn't this right?

There is a distinct danger that one can be identified, with a fairly high 
degree of confidence, by the characteristics of one's writing style. If one
holds particularly unusual views, the content of expression may belie one's
pseudonymous identity. Altering one's writing style is a nontrivial problem
for AI researchers, but a human can do a decent job of it. About all one can
do about one's distinguishing _opinions_ is to refrain entirely from posting
under one's own name. If you think safe sex with animals (safe bestiality 
doesn't have the same ring to it ;) should be taught in public schools, and 
you've posted to that effect, you're simply stuck with the fact that hardly 
anyone will believe that someone else could be behind a pseudonym which 
shares that opinion. Basically, if you choose to identify yourself implicitly,
that's your problem.

> There's a reason why one should prefer the telephone over mail for many
> matters. That is, no one can record your call (legally) and prove that you
> said a certain thing at a certain time,

Hold the phone !  As I understand the law, only one party to a telephone
call has to be aware of the recording for it to be perfectly legal. Someone
not party to the call can't do it, but any one of the people talking can do
it.

> while they can keep your letter
> and prove you wrote a certain thing. Honestly, the chance of someone
> posting a fraudulent message under someone else's email address to the
> cypherpunks list is pretty slim,

It's happened.

Allow me to weigh in on the heart of this signing requirement debate. I don't
see a need at present to require dig sigs in messages to the list. I'm
nobody's anarchist, but like Blanc I am uncomfortable with the idea of 
imposing a restriction like this on the rest of the list on principle.

Meanwhile, the suggestion that the list software be adapted to verify 
signatures on incoming messages qualifies the entire discussion as
profitable, IMHO. On the theme of transparency and standardization, I think
the important thing is to develop a generally applicable patch to Majordomo to
handle authentication like this. Ideally, some people would get together
with Brent Chapman and incorporate authentication of signed messages in a
future release of Majordomo.  I'd love to volunteer for a project like this
but I don't believe I can spare the time.

- -L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLtvqe2f7YYibNzjpAQFTsQP/eAd+nmCT+aYJ+gioyLFOz9Vsyw3THwlL
UIi+57XrL+SwT+7AHga/upWy1vdos8bEKrV2XWIbaCpda5QoE/34VjfIhkYE5OZB
Yq6a1uZ51wAEOV4ynwa9p65VzMMspqb4tSl7KoqiqpjBtaoCGPHsxQp2EhnOk5YM
7S+e+lmgSWA=
=ltql
-----END PGP SIGNATURE-----