From: “Robert A. Hayden” <hayden@krypton.mankato.msus.edu>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: 8ce68b7e573db94b67aeff713cf141af2bda82ea74c1c2521a3b7353686de3cd
Message ID: <Pine.3.88.9401161724.A7721-0100000@krypton.mankato.msus.edu>
Reply To: <m0pLf52-0003DxC@brewmeister.xstablu.com>
UTC Datetime: 1994-01-16 23:09:05 UTC
Raw Date: Sun, 16 Jan 94 15:09:05 PST
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Sun, 16 Jan 94 15:09:05 PST
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: PGP posting validation
In-Reply-To: <m0pLf52-0003DxC@brewmeister.xstablu.com>
Message-ID: <Pine.3.88.9401161724.A7721-0100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 16 Jan 1994, DrZaphod wrote:
> Robert A. Hayden [hayden@krypton.mankato.msus.edu] wrote:
Just to verify, I followed up to a previous posting, it wasn't mine
originally :-)
>
> > > Here's my two cents' worth- how about a filter on incoming mail to the list
> > > that performs these functions:
> > > 1) check the incoming post for a PGP signature
> > > 2) If a sig is found, check it against the list's public keyring
>
> Hmm.. this would allow us to prove that THE LIST thinks he's
> who he says he is.. or who THE LIST tells us he is.. Now, I am not
> paranoid against THE LIST, but I suggest that THE PEOPLE should
> not filter THEIR thoughts. What of censorship [on an aside, is there
> a censor apprenticeship? Why the 'ship?']!? If you must censor..
> censor your own messages with filters running on your own machine..
> maybe even publish your filter list to the net so we can all understand
> each other. Remember that there will always be a percentage of noise
> in any public forum.. there is no average without these outliers.
> For a group SO interested in RANDOM numbers, some people sure do want
> to organize everything. TTFN.
Please don't take this as confrontational (ie, this is not a flame :-)
How would requiring that postings made to a list be verifyable be
censorship? What it does is verify that REAL people posted the message
and that the person who's address is on the message is actually the person
that posted it.
Now, granted, I suppose it could end up dumping some postings because
they were forged, and that is sort of censoring. But it isn't censoring
based on content, but based on the fact that it appears to be a forgery.
And by bouncing a message back to the person that posted it, you give
them an opportunity to repost (this time signed) in case they forgot.
Also, as for the filter idea. If some jerk is posting a message as
appearing to come from schmuck@foo.bar.com, yes, I could add that address
to my filter and delete it before i see it, but if the jerk starts
posting as coming from idjit@bar.foo.com, I'd have to add another filter
line.
By doing a check of the digital signature against the posters public key,
you eliminate most instances of forgery. Of course, if the poster's key
is compromised, that's a different story.
____ Robert A. Hayden <=> hayden@krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and
\/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W
- -=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLTnJ/53BsrEqkf9NAQEUNgP/ZcToPpXmZ1LodtlMUi3xibxppUEAKv5H
czC97H08Lewk+E9Ss2eRjJWWfMsqTE7Yo1o7iAD+aB6dhrpSLNJ4XuTLD/Z8SWO2
OeWZTgSp1gwAbqrQBRyIkq0Ocu5GgI9bURzqoSfUQ6s1sPi8fSqICghG0vV5sXYd
IFqoEJQSTPc=
=sIKV
-----END PGP SIGNATURE-----
Return to January 1994
Return to ““Robert A. Hayden” <hayden@krypton.mankato.msus.edu>”