From: "Dr. D.C. Williams" <dcwill@python.ee.unr.edu>
Date: Thu, 1 Dec 94 12:13:18 PST
To: eric@remailer.net (Eric Hughes)
Subject: Re: Warm, fuzzy, misleading feelings
In-Reply-To: <199412011950.LAA13468@largo.remailer.net>
Message-ID: <199412012011.MAA09700@python>
MIME-Version: 1.0
Content-Type: text/plain


------------BEGIN DIGITALLY SIGNED MESSAGE------------------

From Eric Hughes:

> 
> To someone who doesn't know what a digital signature is at all, it
> doesn't matter if it's real or faked.  Communication to these people
> is entirely from the odd-looking form of the appendages.

I would prefer to teach fewer of them to speak than teach a larger number
of them to grunt.

> I advocate partial progress, and the lack
> of a benefit is not sufficient argument against things that actually
> work.

I believe that your definition of what works and what doesn't may be
very different from mine. Spoofing sigs doesn't qualify as something
that "works" in my book. Maybe banks should start paying high quality
forged checks because some effort has been expended in their creation.

> If you don't have a public key, it doesn't matter if the signature was
> real or faked; you still can't verify it.

No, but if the message is sufficiently important to you, some genuine
productive effort can be expended to acquire the public key and verify
the message. I only bother to verify sigs on messages where authenticity
matters, and I suspect that most others follow the same guideline. 

A bogus signature is, of course, unverifiable. Why waste effort requiring
something as non-functional as a spoofed signature?

 
> One of the purposes of this proposal is to encourage people to change
> their software to automatically sign. 

Why? Even AOlers can make a bogus sig as a .sig file and attach it to
every outgoing message. Does this even come close to teaching people
how to use _real_ dig sigs? I don't think so. What's the benefit of
teaching and encouraging people to do the wrong thing?


> The benefit I want more, of the two, is
> the automaticity.  If, for whatever reason, actual signing can't
> happen, I am content with the form of a signature.

Then the vast majority of grunters will put a spoof in their .sig files
and be "done" with crypto. If you see that as serving some higher 
purpose, then you and I will never agree on this issue.

> That's fine, and I agree with the idea as a solution to the insecurity
> of keys on a public machine.  I do not, however, feel I need to insist
> that everyone do this.

Rather than insist that people be forced down any specific path, they
should be encouraged to use proper forms of digital authentication. I
thought that was your original goal, and I'm disappointed that your
original objective has been compromised by an "automatic-spoof-is-good
-enough" clause.
 

> 1. Crypto-unaware people will see the form and ask what it is.

"Aww, that some kind of gibberish I had to include so my post would
go through without being delayed. It really doesn't mean or do
anything. Last week, I didn't know nothin' about crypto . . ."

 
> 2. Crypto-aware people will alter their software to do something
> automatically.

In vi, type

<ESC> :r .sig

and suddenly, the following pops up:


Beavis@butthead.biteme.edu

--------BEGIN BFD SIGNATURE-------
GyGYTv%c4u68998*7tvv5c4%$ex3xc$%ec^%^&tb*&b98&YN8(MN})]mn*&b87Tyv5r8
BN8&b987y*&%Rc5$X4523W5-9}]{)([]0NP89YB67&C$Ec4ex$#xw%^v90-*U-m9_0987V
---------END BFD SIGNATURE--------

Automagically! And much easier than actually bothering to learn something
really useful.

 
>   2a.  Many, perhaps most, of these people will use real crypto once
> auto-something already set up.

Not if they don't need to really get or use it. If your proposal required
something more that a shoddy spoof, it _would_ have a lot of merit. But
anyone can append a dig sig without even knowing how to spell PGP. That's
where your good idea is derailed.

I fail to see any good that can flow from compelling people to do something
stupid. If you're committed to the Real Thing, herd the cats into the
place they really belong instead of letting them decide where to go and
later claiming that that was where you wanted them to go all along.



=D.C. Williams	<dcwill@ee.unr.edu>


-------------HERE'S MY DIGITAL SIGNATURE:-----------------------

  ___           ___    __                                          , _   __  
 (|  \  ,_     (|  \  / ()  (|  |  |_/o |\ |\ o  _,           ,   /|/ \ / () 
 _|   |/  |    _|   ||       |  |  |  | |/ |/ | / |  /|/|/|  / \_  |__/ >-   
(/\__/    |/o (/\__/o \__/o   \/ \/   |/|_/|_/|/\/|_/ | | |_/\_/o  |   o\__/o
  
--------------PRETTY COOL, HUH? -------------------------------