1995-11-28 - Cypherpunk Certification Authority

Header Data

From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 3fcb58f60638cbe3a91e46655d93d19748d79dab9e4772525b470d867fdbde44
Message ID: <199511281400.GAA22636@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-11-28 14:22:44 UTC
Raw Date: Tue, 28 Nov 1995 22:22:44 +0800

Raw message

From: anonymous-remailer@shell.portal.com
Date: Tue, 28 Nov 1995 22:22:44 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Certification Authority
Message-ID: <199511281400.GAA22636@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 Nov 1995, an impostor posing as Alice de 'nonymous wrote:

> On Sun, 26 Nov 1995, Perry E. Metzger wrote:
> 
> > Someone spoofing Alice, who is either Detweiler or "Dr." Cohen, says:
> > > I have never signed any of my posts to this mailing list and frankly have
> > > no intention of beginning at this point.
> > 
> > Well, signed Alice posts have shown up, so we will just have to assume
> > that the above was a spoof and that the signed Alice posts are the
> > real ones, now won't we?
> 
> Perry.  Normally I try my best to ignore you.
> 
> But I will simply repeat, I have never signed a post, and have no 
> intention of beginning to sign any posts, until I establish a secure 
> machine in a secure complex that is dedicated to that purpose.

This insistence on not making use of authentication tools at the same
time as whining about people spoofing you is what caused me to assume
your identity.  You were given ample warning.

Consider it a demonstration of why you should do just what you are
stubbornly refusing to do: generate yourself a damn key!

It is the best way to ensure a persistent persona whilst retaining
anonymity.

> I like to think that I take my security somewhat seriously.

For a purportedly security conscious impostor, you sure are reluctant
to make use of simple authentication tools.  Your risk assesment is
seriously out of whack too.

You do *not* need a secure machine to improve the level of
authentication of your posts: signing your posts would provide better
authentication than no authentication, even if the machine is not
tempest shielded, nor in a secure installation.

Finding your machine (we don't know remember), and installing a kernel
patch to catch your passphrase as it is typed in, or snag it from PGPs
core image is much harder to achieve, even if you are using a multi
user system.

PGP signing your post will give a much better authentication than
people who post from known email addresses; forgeries, and machine
breakins are not that hard to effect.

> And I would ask whoever DID post the PGP key under my name, to please
> issue a revocation certificate.

Oh so you do care about authentication :-)

An offer: you post your own key, and I'll post a revocation.

You might find that people take you more seriously once they know they
are talking to a persistent persona.

Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMLsT3obu8OQjKS7RAQE62gQAoTxWo6Dipa1bZeNi5NygZ/9CLJ2pn44s
KN2TFWY0n1KPC4tibEM88GOI7vHCCLE8t/XQ2zx5YArjd/7toCidAlUY07vQ6ums
sL4J8oV4JDKdpq9WTWaTS/unBww8qBJRVDBHigtiOneIkmu6kfuBEh0JR+a5plfQ
00GQ4SfcyBk=
=SAXZ
-----END PGP SIGNATURE-----






Thread