1996-06-22 - Re: Bad Signatures

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 659697a6e77aa28f916a3380e910e4dd3b0cd8c4346fb93c7fba6f576b894e2b
Message ID: <adf17bba000210045c25@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-06-22 22:53:52 UTC
Raw Date: Sun, 23 Jun 1996 06:53:52 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sun, 23 Jun 1996 06:53:52 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <adf17bba000210045c25@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 PM 6/22/96, geoff wrote:

>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
>
>I also like the idea that cpunks provides as a byproduct a platform for
>developers to test and debug their security products. We really should
>be getting the bugs out of plain text signatures. You cannot expect Joe
>User to differentiate between an intruder and a gateway massaging the
>message.
>
>Geoff Klein
>Pronto Secure Product Manager

Trusting others to perform cryptographic functions (encryption, decryption,
signing, signature verification, etc.) is counter to the usual notions of
security.

Of course, people are free to ask others to do cryptographic functions for
them, to tell them which signatures are valid, and which are not. It's a
free society, after all.

However, I think there's already enough traffic on this list without having
"bounce" messages chastising folks for having signatures that for one
reason or another failed their tests. (Could be munging at _their_ end, for
example.)

Those who want to compile lists of "bad signatures," as determined by their
tests, could include a pointer to a URL at their site which says something
like "A list of suspected bad or improperly-formed signatures may be found
at hyyp://www.key-trust.org"

This heads off having a message with a bad sig generating N more messages
to the list announcing some conclusion or another about the sig. Not
something we need.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








