1994-01-17 - Re: PGP posting validation

Header Data

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
To: cypherpunks@toad.com
Message Hash: 39b0b2e906676d60a2fdf8a3eea5d5f4ac75d0a804732cbed097fe076e58fecc
Message ID: <AhCSGMS00awL0BMEUd@andrew.cmu.edu>
Reply To: N/A
UTC Datetime: 1994-01-17 01:08:49 UTC
Raw Date: Sun, 16 Jan 94 17:08:49 PST

Raw message

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Sun, 16 Jan 94 17:08:49 PST
To: cypherpunks@toad.com
Subject: Re: PGP posting validation
Message-ID: <AhCSGMS00awL0BMEUd@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just to throw in my two cents worth:

How about this: Subscribes to the list (or anyone) can register their
public keys with a special keyserver that is part of the mailing list
software.  Then, on any posts made thereafter, signed with that public
key, the list software would append a header identifying the sender,
their public key ID, and their key fingerprint/md5-hash.  To prevent
spoofing by registering false key IDs, the system could keep a
reputation on each key, and report the number of days that key had been
registered, and the number of posts.  For example, a typical header
might look like:

From: John Doe <jd@net.com>
Subject: Whatever
Date: Tue, 27 May 1996  02:19:35 GMT
PGP-Authenticated-As: 1296A5/1F5A6792E5609CD7A932B1C82CAE934F; John Doe
PGP-Key-Reputation: 372d / 197p

Assuming that John Doe had been on the list over a year (372 days) and
had made 197 posts.  If suddenly a post appeared:

From: John Doe <jd@net.com>
Subject: Detweiler
Date: Tue, 29 May 1996  18:23:56 GMT
PGP-Authentication: Unknown Key

It would indicate that it was signed with a key that the system didn't
have in its database; an obvious forgery.  Hovever if the spoofer was
able to register a false public key with the server, with John Doe's
name on it:

From: John Doe <jd@net.com>
Subject: SQUISH
Date: Tue, 29 May 1996  23:39:47 GMT
PGP-Authenticated-As: 1296A5/6A1DFF5A49D56029B725E05609C0D7A9; John Doe
PGP-Key-Reputation: 0d / 0p

It would still be an obvious forgery, because the key had no reputation.
Anonymous users might like this feature, because they could identify
their posts without exposing their email addresses.
I don't think it's really necessary to block posts from people who don't
sign them, there are circumstances where it's not feasible to do so, but
perhaps a warning could be added such as:

PGP-Authentication: None





Thread