forgeries are good for you (was Re: REPOST : Un-forgeable Cancels)

? the Platypus {aka David Formosa} dformosa at
Sat Aug 9 22:53:40 PDT 1997


On Fri, 8 Aug 1997, Adam Back wrote:


> But that's cool!  Y shouldn't be able to cancel the forgery ... he
> didn't write it.  


> I mean this seriously.  People should stop misplacing any value on
> From fields.  You need to use digital signatures to recognize
> persistent personas.

This is true but with everthing there is a trade off between securaty and
efficency.  There are many posts on usenet that are just not worth the
cost of checking there sigs.  If I had to depend only on the sig reather
then having the chouse of only checking the sig on susouse posts I
wouldn't be able to read as much usenet as I do.

> (David = David Formosa?)


> What's the point of this?  To provide a way to stop unsophisticated
> forgeries without needing NoCeM support in the client? 

Not mean clients have the capsity to issue NoCeMs,  a lower number of
peaple have anough reputation to issue them.

> I guess it would work well enough, but it's really a bit centralised.

Not realy, when finished I will distrabute the sourse.  The hope is that
we will have a number of compeating retraction servers around the world.

> The operator of the retraction server might be over trusted by a lot
> of people.

True.  But building up that type of trust is possable.

> If the operator turns out to be untrustworthy, or whatever, you're out
> of luck.

No you simply more to the other retraction server.  There will be nothing
unqueek about one server then anouther.

> Also break into his machine and steal his secret key and you could
> have a _lot_ of fun.

This is true of cause.

>  And it's only one machine, what if his security isn't up to much.

Its not going to only be one machine.

> Think decentralised.

We are.

