Bad Signatures
Lucky Green
shamrock at netcom.com
Sat Jun 22 16:01:10 PDT 1996
At 18:12 6/22/96, geoff wrote:
>> Further, it makes philisophical/political sense to me to have
>> verification distributed. Every node should be doing it's own
>> security.
>
>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
If you think about the issue in more detail, you will realize that having a
third party do signature verification is no more useful than having a third
party do your encryption for you. In other words, not only is it not
useful, it is downright dangerous, since it provides you with a false sense
of security. If someone wishes to bounce messages that don't verify back to
the originator, great. But please do not further add to list traffic by
bouncing these messages to the list.
Thanks,
-- Lucky Green <mailto:shamrock at netcom.com>
PGP encrypted mail preferred.
Disclaimer: My opinions are my own.
More information about the cypherpunks-legacy
mailing list