(CANADIAN PRESS REPORTS)
anonymous-remailer at shell.portal.com
anonymous-remailer at shell.portal.com
Sat Nov 18 20:52:55 PST 1995
On Sat, 18 Nov 1995, jim bell wrote:
> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands,
> >
> >So use PGP, sign your messages. Simple solution.
>
> Absolutely! Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.
Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all. It isn't
reliable at all.
Unfortunately, I've learned the hard way NOT to do that. Digital
signatures don't prevent spoofing.
In fact, I think that thinking something is secure when it isn't leads
to even more trouble, and could even lead to many tragedies.
In a nutshell, here's the problem.
If someone takes my pgp secret keyring and my password, then they can
sign a message *digitally* so that people believe the spoofed message is
really from me. In fact, since most people tend to rely on a pgp message
far more than a non-pgp message, most people would be absolutely
convinced that the message was in fact from me.
Signing with PGP is just not a solution.
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.
More information about the cypherpunks-legacy
mailing list