signing messages

Timothy C. May tcmay at netcom.com
Tue Nov 29 22:25:05 PST 1994



(I haven't been getting list mail all day...just a few message getting
through Netcom's mail bouncer, so....)

Greg Broiles wrote:

> Seems like one way to encourage the use of digital signatures is to
> start forging messages from people who don't ordinarily sign their
> messages. Necessity is the mother of invention, and all of that.
> 
> I finally started signing my messages on a regular basis as a result
> of Detweiler forging a message which purported to be from me. On the
> other hand, I think Tim has been the most frequent target of 
> Detweiler's forgeries, and I don't detect much of a creep towards
> signing messages on his part. 

Several points, and I'll try not to repeat points I made in my long
essay of early this morning:

1. Only one person has reported to me that they were unable to verify
my PGP sig (Lance Cottrell reported this...if others did, maybe their
messages haven't gotten through to me)). From this I conclude that few
people check PGP sigs.

(The "PGP 2.7" and the ASCII message in the sig might've provided some
clues.) 

2. This does not make such sigs useless of course, as the main value
is in "critical" situations. (Legal cases, forgeries, diplomacy,
contracts, etc.)

3. Again, crypto is about economics. In the military, crypto is a big
part of operations (maybe 5% of staff on ships is connected with
crypto, communications, etc.). But the military has real needs, and
can afford (via our tax dollars) to have such efforts. Most of us are
not dealing with such critical uses.

4. Speaking for myself, I have not generated or transmitted a file I
felt *needed* to be signed, encrypted, etc. This is not to say such
situations don't exist for others, won't someday exist for me, etc.
Just things as they now stand.

(When contracts are handled electronically, when payments are made
electronically, etc., then such uses will be more apparent. But I am
fairly open about my politics--indeed, I fly the flag of crypto
anarchy in visible places--and have few files I transmit that I need
to encrypt. Your mileage may vary.)

5. The Detweiler thing was amusing. No such thing as bad publicity
(unless it's the Pinto-um RISK chip). Detweiler's forgeries had no
legal effect on me, no lasting effect. Also, those who were  "taken
in" by his forgeries would hardly be in a position to verify my sig
(to know who I was, to look up my PK on a keyserver, to jump through
the hoops needed, and to ensure that the "Tim May" they checked was
not in fact a phony keyserver entry...the several "BlackNet" public
keys, only one of which I generated, are instructive).

I don't discourage anyone from using crypto, from signing messages,
from routinely encrypting, etc. I just reject arguments that crypto is
"essential," today, when in fact it clearly isn't. Crying wolf and all
that.

In 2-4 years, a lot of the current incompatibilities and lack of
usability will have been worked out. About the time I expect to
actually _need_ to use more crypto.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay







More information about the cypherpunks-legacy mailing list