From: “Philippe Nave” <pdn@dwroll.dw.att.com>
To: cypherpunks@toad.com (cypherpunks)
Message Hash: d8089d4315d527efdd9bb0a254f06dbcbfcc2980d962c63999046b9c6ad9a7b6
Message ID: <9401160545.AA04896@toad.com>
Reply To: N/A
UTC Datetime: 1994-01-16 05:45:53 UTC
Raw Date: Sat, 15 Jan 94 21:45:53 PST
From: "Philippe Nave" <pdn@dwroll.dw.att.com>
Date: Sat, 15 Jan 94 21:45:53 PST
To: cypherpunks@toad.com (cypherpunks)
Subject: PGP posting validation
Message-ID: <9401160545.AA04896@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
As I recall, the PGP-filtered mail list idea was proposed to the list a while
back and semi-informally put to a vote. At the time, I 'voted' against the
idea, because I did not perceive the spoofing problem to be serious enough
to warrant that sort of response. Times change, I guess - it's easy to filter
certain names and anon ids out of my mail, but more complex spoofs involving
SMTP ports and so on call for more involved filtering procedures.
Here's my two cents' worth- how about a filter on incoming mail to the list
that performs these functions:
1) check the incoming post for a PGP signature
2) If a sig is found, check it against the list's public keyring
3) If the key matches, pop a line like "X-PGP-Keycheck: user so-and-so"
into the posting
4) If the incoming message already has a "X-PGP-Keycheck:" line in it,
drop that line off - somebody's trying to spoof us
For those 'punks who can/will sign their messages, this would provide a simple
'reputation check' visible to all recipients. For others, postings would flow
through the system exactly like they do today, vulnerable to spoofs and so on.
My main concern is that we get a filter online that is secure but simple.
Programmers (myself included) will want to launch off and devise some
horrendously complex PGP empire right away, but it would probably be smarter
to start small.
- --
........................................................................
Philippe D. Nave, Jr. | The person who does not use message encryption
pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO...
Denver, Colorado USA | PGP public key: by arrangement.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLTjTAwvlW1K2YdE1AQGEdAP8DY8KAK7EU9HkPxuuqMwApwTB7hMP+k1i
WGzHgq6RLQvHpZAbzywAbLvxVayzbPd+oCAfF8rSuf7NgFiz8TSqIDyMxM7dGh8Q
8KkEUbEyMQG4//M1Y0HrxhZXemq0a98umtAEQmyyFUFFuvrR95q5iJ1BtGqqF+oH
fNXp2UIqfIw=
=cXHA
-----END PGP SIGNATURE-----
Return to January 1994
Return to ““Robert A. Hayden” <hayden@krypton.mankato.msus.edu>”