Shouldn't "toad" messages be signed?
Timothy C. May
tcmay at netcom.com
Wed Nov 30 14:21:39 PST 1994
---BEGIN PGP SIGNED MESSAGE---
This message originates at "toad.com" and is hereby signed by the
Cypherpunks Signature Authority:
---BEGIN PGP SIGNED MESSAGE---
It seems clear to me that by the logic of this thread, *all* messages
passing through toad to us should naturally be _signed_. After all,
how do we know if an "approved" message has indeed passed through
toad? Someone else could be spoofing the account.
If we are to place additional trust in toad.com, via the proposed
checking of sigs, then toad itself should sign all messages!
This will produce nested sigs, as I attempted to illustrate above
(apologies if I got the precise syntax wrong). And (at least) two full
sig blocks at the bottom (not illustrated here). At the least, short
messages will become quite a bit longer.
And will today's tools allow easy extraction of first the toad sig,
then the enclosed sig?
Seems to me that if Eric wants to start encouraging use of sigs, that
a good first start would be for toad to sign all messages.
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo at toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
More information about the cypherpunks-legacy
mailing list