From: Michael Edward Marotta <mercury@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: 81361d2239674f6808c539ac4d053ffde8d34438fe7c3d112be0b6862b77a06c
Message ID: <199312261345.FAA07856@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1993-12-26 13:46:51 UTC
Raw Date: Sun, 26 Dec 93 05:46:51 PST
From: Michael Edward Marotta <mercury@well.sf.ca.us>
Date: Sun, 26 Dec 93 05:46:51 PST
To: cypherpunks@toad.com
Subject: Pseudo-spoofing the Gov't
Message-ID: <199312261345.FAA07856@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain
What happens when governments are online and someone pseudo-spoofs
the state legislature?
Writing about "Free Willy" I said that as a mere user, I had no
way to know whether or not this came from president@whitehouse.gov
except by the content. If the content passed a style analysis,
then I would have to accept it as real.
The SOURCE of my problem is the parameters for email chosen by
the administrators of a point, two systems away from me.
Mark@blackplague, suggested that there was no problem at all:
"You just have to learn to read mail headers to get the gist of
what they are saying."
Well, yes, but this is the header I saw:
Message 5/12 From President@whitehouse.gov Dec 19 '93 at 2:13 pm pst
Return-Path: <heifetz!toad.com!owner-cypherpunks>
Return-Path: <President@whitehouse.gov>
Date: Sun, 19 Dec 93 14:13:02 PST
That's all I saw. And I said that in my original post. The
problem remains unsolved for me. The message came from the White
House, was picked up at heifetz and I got it here. Seems clear.
Mark@blackplague suggests:
A big clue is when it has "Apparently-To:" in the header...
But I see this all the time. I have an account on the Well. I
transfer email from there to my local system with a forward file.
Proves only that the mail was forwarded from one system to
another. And again, I didn't see any of that, myself.
I was merely comparing the analysis of headers offered by two
'punkers to show that the "solutions" offered differed from each
other.
The problem remains. Nothing on a computer can be trusted.
PGP? Sorry, it's not for users. I see these PGP Keys appended
to messages all the time. Garbage characters. I have no
intention of grabbing them, making them fields in a record or
records in a file or files in a database, on the unlikely chance
that someday I might want to send a secret message to someone.
Speaking as a mere user, when the government cracks down on
crypto, no one will care.
By comparison, the mainstream magazine INFORMATION WEEK tried to
make a story out of Alona Shores. No one cared. Also, consider
that Prodigy hasn't gone out of business. I get their free
diskettes whenever I can and then reformat them for my own use as
backup media. But 99% of Prodigy's clients were unaffected by
the Burning Issues.
By comparison, in the 2nd and 1st centuries BC, pirates from
Cilicia lived by kidnapping people and selling them as slaves.
They thrived because slavery was accepted. They raided and
destroyed the freeport Delos. No one cared much. They erred when
they nabbed rich Romans. Pompey shut them down. But slavery
wasn't ended. The pirates weren't erased: they merely became
(respectable) subjects of the Romans. We live in a society that
accepts slavery. Before you "revolt" remember Spartacus: Pompey
shut him down, also.
We COULD verify "Free Willy" of course. (stop me if you've heard
this) The White House publishes its public crypto key. Using
its private key, it sends out a message. The published key
unlocks the message and we know it came from Willy Himself. Great
idea. Until and unless there is a paradigm shift, it will never
happen. That shift could mean an end to browsing the newsies,
since you'd have to have a key for every source.
What happens when governments are online and someone pseudo-spoofs
the state legislature?
Return to December 1993
Return to ““Perry E. Metzger” <pmetzger@lehman.com>”