1993-10-25 - Signing Messages & Other Ramblings

Header Data

From: Panzer Boy <panzer@drown.slip.andrew.cmu.edu>
To: Cypherpunk Mailing List <cypherpunks@toad.com>
Message Hash: 933a22908505eba04f8eea6ccbf03392f0e0d5efecbfafbd40f335e0146bac0d
Message ID: <Pine.>
Reply To: N/A
UTC Datetime: 1993-10-25 06:38:46 UTC
Raw Date: Sun, 24 Oct 93 23:38:46 PDT

Raw message

From: Panzer Boy <panzer@drown.slip.andrew.cmu.edu>
Date: Sun, 24 Oct 93 23:38:46 PDT
To: Cypherpunk Mailing List <cypherpunks@toad.com>
Subject: Signing Messages & Other Ramblings
Message-ID: <Pine.>
MIME-Version: 1.0
Content-Type: text/plain


First, I would like to make sure that Eric Hughes knows that by his simple
little push he has gotten someone (me) to install some code for Emacs to
auto-sign messages.  This, with external editing capabilities of Pine,
allow me to sign all my outgoing mail extremely easily.  If anyone would
like help on this, just send me mail, and I can explain how to do it.

L Detweilers obvious disliking towards people not being who they say they
are.  This is an obvious problem with the net.  The net is based on a
model of people trusting everyone else.  Nothing that is posted or or sent
out from net machines has verification on it.  Currently this implies that
the users need to do their own verification.  Creating software that
automatically handles signatures in and out, handles the fact that every
machine but your own is not to be trusted.  Assuming that people are going
to be truthful and nice to you all the time is a nice fantasy, yet it
rarely happens.  It does happen more often on the Net than it does is
"Real-Life" though.

I have spoofed mail before, mostly as a joke among friends.  All of my
"targets" were told sooner or later about the joke.  Because this
information is not new to me, I don't expect all mail to me to be
originating from the person it says it's from.  You must judge incoming
mail, and posts, on their content.  If you have questions about the
content than demand some sort of proof of who they say they are.

People have said they feel "RAPED" when they discover they are talking to
people who aren't who they say they are.  "Raped" is a harsh word, but
chosen obviously for it's violent connotations, even if these connotations
are a bit wrong.

Being the target of "spoofed" mail is like being conned, obviously no one
likes be show that s/he is ignorant.  It hurts, but at the same time, you
shouldn't expect everyone to play by the "honor-system".

When I read mail from people I usually assume it is from the person in the
"From:" line.  But if the mail is something absurd, or controversial, then
I don't automatically assume this.  If for example there was a post from
Hal Finney about the great new digi-cash system that he had implemented
and that it had financial banking from a rich middle eastern country.  I
would probably check the signature, and then even after that I would
probably still wait and see if it was a "black-net" post.

Well, this post has gotten to the length were many people will probably
not read it, so I will stop here, and continue with some other comments
about the new anon-remailer tomorrow.

 -Matt                              | Use the normal means to extract my 
 (panzer@drown.slip.andrew.cmu.edu) | public key for proof of this message

 "That which can never be enforced should not be prohibited."

Version: 2.3a