From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Tue, 29 Nov 94 19:51:08 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Mandatory message signing
Message-ID: <ab01a66a0b021004f6d3@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:59 PM 11/29/94, L. McCarthy wrote:
>Hold the phone !  As I understand the law, only one party to a telephone
>call has to be aware of the recording for it to be perfectly legal. Someone
>not party to the call can't do it, but any one of the people talking can do
>it.

I believe it varies from state to state, but this is indeed the norm.

>handle authentication like this. Ideally, some people would get together
>with Brent Chapman and incorporate authentication of signed messages in a
>future release of Majordomo.  I'd love to volunteer for a project like this
>but I don't believe I can spare the time.

Why stop at authenticating signed messages?  I'd like to see some mailing
list software that would send mail out to you encrypted if you want (sure,
the list is probably public, but you might not want people knowing you
subscribe. If list traffic was encrypted, and you routed it through Ghio's
remailer-alias doohickey, the fact that you subscribe could be kept
completely hidden), and would require authentication on a message to change
your address, or to change your public key (which would also be possible).
And would have config parameters such that the list operator could make it
only accept signed submissions, or even only accept submissions encrypted
to the list.  [not that I'm advocating this on the cypherpunks list, but it
might be good on other lists, especially private ones].  And Ideally, I'd
even like the list to be able to mail to you through the remailer-net, by
prepending your encrypted address block, and sending to a remailer.
Although the existence of Ghio's forementioned doohickey (what is that
service being called?) makes that somewhat superflous.

I was planning on writing such a beast myself, and might still get around
to it eventually. The problem is that I'm unlikely to write something from
scratch as robust as the current list server software (I'm not interested
in writing good list software, just in implementing the crypto), and I'm
not really skilled enough to understand the majordomo code enough to modify
it.  But I might try, one of these days.