1994-03-17 - Re: EFF gun-shy of legally employing PGP (fwd)

Header Data

From: Mike Godwin <mnemonic@eff.org>
To: hughes@ah.com (Eric Hughes)
Message Hash: f277dd1ade3202d43696b0b14fcc0391cc376c3770ca19278dc99788bf3b41f7
Message ID: <199403172329.SAA25354@eff.org>
Reply To: <9403172238.AA02366@ah.com>
UTC Datetime: 1994-03-17 23:30:03 UTC
Raw Date: Thu, 17 Mar 94 15:30:03 PST

Raw message

From: Mike Godwin <mnemonic@eff.org>
Date: Thu, 17 Mar 94 15:30:03 PST
To: hughes@ah.com (Eric Hughes)
Subject: Re: EFF gun-shy of legally employing PGP (fwd)
In-Reply-To: <9403172238.AA02366@ah.com>
Message-ID: <199403172329.SAA25354@eff.org>
MIME-Version: 1.0
Content-Type: text/plain

Eric Hughes writes:

> On not using PGP:
> >1) It wouldn't have solved the problem, since the majority of people who
> >spreead the false press release are not encryption users.
> Yes, it would solve the problem.  Not every individual could have
> verified the message, but enough people would have, and immediately
> enough, that no question would have remained for long about the
> forgery.

I respectfully disagree.. This may change in the future, of course.

What surely would have happened is that few people would have bothered to
check the signature, and those who did might try to counter the rumors,
but I'd still get calls from people who want to know *directly from me*
that it's a hoax (in other words, they wouldn't credit the claims of those
who checked the signature). Net result--no difference in time and effort
on my part.

Now, don't get me wrong--use of crypto is a good thing, and should be
encouraged, and we may eventually standardize on its use within EFF.
But the claim that this would have prevented the hoax is insupportable. 
Maybe in the future crypto society, but not now.

It is important to uncouple the argument that EFF should use crypto
from the argument that if we had used it, the problem we saw here would
not occur.

> MacRIPEM is both easy to use and runs on a Mac.

The specific argument that Grady Ward used to savage me and EFF is based
on the claim that we should have used PGP *specifically*.

> It is not my place to make internal EFF policy, but I will suggest it,
> namely, that all public communications that go out to Usenet and to
> public mailing lists be digitally signed by their authors.

As a matter of pure aesthetics, I prefer other things in my .signature.
There is even less poetry on the Net than there is cryptography.

Mike Godwin, (202) 347-5400 |"And walk among long dappled grass,
mnemonic@eff.org            | And pluck till time and times are done 
Electronic Frontier         | The silver apples of the moon,
Foundation                  | The golden apples of the sun."