1993-10-24 - Re: impersonation

Header Data

From: rjc@gnu.ai.mit.edu (Ray)
To: catalyst@netcom.com (Scott Collins)
Message Hash: f4706bd7a321534d4daa9e5a4b1052f004aa9e7c4168663e00c6c4cd8f00d646
Message ID: <9310241254.AA12447@churchy.gnu.ai.mit.edu>
Reply To: <9310241011.AA28640@newton.apple.com>
UTC Datetime: 1993-10-24 12:58:34 UTC
Raw Date: Sun, 24 Oct 93 05:58:34 PDT

Raw message

From: rjc@gnu.ai.mit.edu (Ray)
Date: Sun, 24 Oct 93 05:58:34 PDT
To: catalyst@netcom.com (Scott Collins)
Subject: Re: impersonation
In-Reply-To: <9310241011.AA28640@newton.apple.com>
Message-ID: <9310241254.AA12447@churchy.gnu.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Scott Collins () writes:
> 
> This is not true.
[...]
> There are two major thrusts to the tech discussed on this list.
> 
>   a) anonymity, i.e., stripping communication of provable identity;
>   b) authentication, i.e., demonstrable proof of identity.
[...] 
> illicitly claim another's identity.  The technology of the latter category
> (e.g., digital signatures) is, in fact, meant to be a significant obstacle
> to this very act.
[...]
> as rape.  I'm pretty damn pleased that cryptography has provided me a
> weapon against it: a weapon advocated by cypherpunks; a weapon wielded
> frequently on this list; a weapon we are all armed with, in the bodies of
> PGP and PEM.
[...] 
> 'track covering', and conversely, less credibility.  Digital signatures, on
> the other hand, provide a simple, tested, workable protection.

  Thank you. I've been trying to drum this into people for a while, especially
Detweiler. I don't know how much more he can want, but Digital Sigs must
not be acceptable because he rejected my "private password for posting" which
is almost equivalent to a digital signature scheme except that the password
checking is done at the distribution site, not the home site (which is
preferable to some people who don't have great boxes at home)

  With MD5+digital sigs, a real moderated newsgroup could work without the
capability of someone forging control messages. Simply have the news
software reject articles which aren't signed by the moderator. The same
could go for "non-spoofing" secure groups. The technology is already here,
all it takes is a few mods to existing readers. There is no need for
a future draconet or data super-(fcc controlled and censored)-highway.


-- Ray Cromwell        |    Engineering is the implementation of science;    --
-- EE/Math Student     |       politics is the implementation of faith.      --
-- rjc@gnu.ai.mit.edu  |                         - Zetetic Commentaries      --





Thread