1993-12-26 - Pseudo-spoofing the Gov’t

Header Data

From: Michael Edward Marotta <mercury@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: 81361d2239674f6808c539ac4d053ffde8d34438fe7c3d112be0b6862b77a06c
Message ID: <199312261345.FAA07856@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1993-12-26 13:46:51 UTC
Raw Date: Sun, 26 Dec 93 05:46:51 PST

Raw message

From: Michael Edward Marotta <mercury@well.sf.ca.us>
Date: Sun, 26 Dec 93 05:46:51 PST
To: cypherpunks@toad.com
Subject: Pseudo-spoofing the Gov't
Message-ID: <199312261345.FAA07856@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain


What happens when governments are online and someone pseudo-spoofs 
the state legislature?  
 
Writing about "Free Willy" I said that as a mere user, I had no 
way to know whether or not this came from president@whitehouse.gov 
except by the content.  If the content passed a style analysis, 
then I would have to accept it as real.  
 
The SOURCE of my problem is the parameters for email chosen by 
the administrators of a point, two systems away from me. 
 
Mark@blackplague, suggested that there was no problem at all:
"You just have to learn to read mail headers to get the gist of 
 what they are saying."
 
Well, yes, but this is the header I saw:
 
Message 5/12  From President@whitehouse.gov        Dec 19 '93 at 2:13 pm pst 
Return-Path: <heifetz!toad.com!owner-cypherpunks>
Return-Path: <President@whitehouse.gov>
Date: Sun, 19 Dec 93 14:13:02 PST
 
That's all I saw.  And I said that in my original post.  The 
problem remains unsolved for me.  The message came from the White 
House, was picked up at heifetz and I got it here.  Seems clear.
 
Mark@blackplague suggests:
A big clue is when it has "Apparently-To:" in the header... 
 
But I see this all the time.  I have an account on the Well.  I 
transfer email from there to my local system with a forward file.
Proves only that the mail was forwarded from one system to 
another. And again, I didn't see any of that, myself.
 
I was merely comparing the analysis of headers offered by two 
'punkers to show that the "solutions" offered differed from each 
other. 
 
The problem remains. Nothing on a computer can be trusted.
 
PGP?  Sorry, it's not for users.  I see these PGP Keys appended 
to messages all the time.  Garbage characters.  I have no 
intention of grabbing them, making them fields in a record or 
records in a file or files in a database, on the unlikely chance 
that someday I might want to send a secret message to someone. 
Speaking as a mere user, when the government cracks down on 
crypto, no one will care.
 
By comparison, the mainstream magazine INFORMATION WEEK tried to 
make a story out of Alona Shores.  No one cared.  Also, consider 
that Prodigy hasn't gone out of business.  I get their free 
diskettes whenever I can and then reformat them for my own use as 
backup media.  But 99% of Prodigy's clients were unaffected by 
the Burning Issues. 
 
By comparison, in the 2nd and 1st centuries BC, pirates from 
Cilicia lived by kidnapping people and selling them as slaves.  
They thrived because slavery was accepted.  They raided and 
destroyed the freeport Delos.  No one cared much. They erred when 
they nabbed rich Romans.  Pompey shut them down.  But slavery 
wasn't ended.  The pirates weren't erased: they merely became 
(respectable) subjects of the Romans.  We live in a society that 
accepts slavery.  Before you "revolt" remember Spartacus: Pompey 
shut him down, also.
 
We COULD verify "Free Willy" of course.  (stop me if you've heard 
this)  The White House publishes its public crypto key.  Using 
its private key, it sends out a message.  The published key 
unlocks the message and we know it came from Willy Himself. Great 
idea.  Until and unless there is a paradigm shift, it will never 
happen.  That shift could mean an end to browsing the newsies, 
since you'd have to have a key for every source. 
 
What happens when governments are online and someone pseudo-spoofs 
the state legislature?  
 





Thread