1994-11-30 - Re: The Market for Crypto–A Curmudgeon’s View

Header Data

From: Christian Odhner <cdodhner@PrimeNet.Com>
To: Sandy Sandfort <sandfort@crl.com>
Message Hash: 7869b8fffad4dac73be48bc1f751b3314147934c4e617235733b3aff04150161
Message ID: <Pine.BSI.3.90.941130020949.13850C-100000@usr3.primenet.com>
Reply To: <Pine.SUN.3.91.941129140718.21998A-100000@crl.crl.com>
UTC Datetime: 1994-11-30 09:24:03 UTC
Raw Date: Wed, 30 Nov 94 01:24:03 PST

Raw message

From: Christian Odhner <cdodhner@PrimeNet.Com>
Date: Wed, 30 Nov 94 01:24:03 PST
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: The Market for Crypto--A Curmudgeon's View
In-Reply-To: <Pine.SUN.3.91.941129140718.21998A-100000@crl.crl.com>
Message-ID: <Pine.BSI.3.90.941130020949.13850C-100000@usr3.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Nov 1994, Sandy Sandfort wrote:

> Here's my suggestion.  Eric should unilaterally impose his first
> step, i.e., all unsigned messages and messages with spoofed
> signatures will henceforth be flagged as such.  Let's see what

Not to point out the obvious or anything, but 99% of the people on this 
list are intelligent enough to tell if a post is signed or not, and a 
spoofed sig can be one of two things: a) the actual sender trying to 
'give a good impression' or 'see if anyone checks', or b) a third party 
trying for whatever reason to mislead people into thinking he/she is 
really somebody else that we know/trust. Situation 'a'? I don't give a 
damn, let them do what they want. Situation 'b'? Well the person they are 
spoofing is likely to yell loudly that they didn't write the post in 
question, and also there have been many times in the past where a signed 
message goes by and a few hours later several people have posted 'did 
anyone else get a bad sig check on XXXXX ?' messages... Why should we 
splatter the list with 'flagged' messages so that the small percentage of 
us who don't (ever) check sigs will have some way of knowing that 
something was signed?  As my father used to say, "The lord helps those 
who help themselves. Let us go now and do likewise." This seems a little 
too much like a bit of net.welfare approaching. Added to that, it would 
be easy enough to hack toad, or somewhere just 'upstream' of toad, and 
edit out the 'bad sig' flags from selected messages, unless toad.com 
signed all outgoing messages after flagging them, which considering the 
list volume would slow that machine down to a crawl. All in all, I think 
it's too much trouble (for the list admins mostly, but also for those who 
wouldn't sign their posts but now feel compelled to do so) for a false 
sense of security. 

Happy Hunting, -Chris.

______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner@primenet.com	     | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks         WOw            dCD           Traskcom          Team Stupid
  Key fingerprint =  58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11 
------------------------------------------------------------------------------





