1994-12-01 - Re: Warm, fuzzy, misleading feelings

Header Data

From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 1999dea9cd6ffdee43a3e816c50d45a02568ac577c39c5cb9a04bf4b950380ec
Message ID: <199412011950.LAA13468@largo.remailer.net>
Reply To: <199412010119.RAA06900@python>
UTC Datetime: 1994-12-01 18:51:21 UTC
Raw Date: Thu, 1 Dec 94 10:51:21 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Thu, 1 Dec 94 10:51:21 PST
To: cypherpunks@toad.com
Subject: Re: Warm, fuzzy, misleading feelings
In-Reply-To: <199412010119.RAA06900@python>
Message-ID: <199412011950.LAA13468@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: "Dr. D.C. Williams" <dcwill@python.ee.unr.edu>

   While I can see merit in both sides, the pro-sig argument is
   weakened by their endorsement of sig spoofing. If the object is to
   heighten awareness of crypto and digital signatures, what possible
   Good can follow from setting the example that "cypherpunks simulate
   signatures"?

To someone who doesn't know what a digital signature is at all, it
doesn't matter if it's real or faked.  Communication to these people
is entirely from the odd-looking form of the appendages.

The ability to spoof a signature is an artifact of incomplete notions
and implementations about key distribution.  Were these problems
solved, I would consider actually verifying all signatures.  These
problems are not solved to my satisfaction, however.  The inability to
check a signature does not, however, render useless those other
functions that still work.  I advocate partial progress, and the lack
of a benefit is not sufficient argument against things that actually
work.

   The way I see it, either sign or don't sign, but attaching a
   bogus signature block to a message for the sole purpose of pacifying
   a mailing list requirement diminishes the significance of crypto
   and sullies the image of all who participate. 

If you don't have a public key, it doesn't matter if the signature was
real or faked; you still can't verify it.

One of the purposes of this proposal is to encourage people to change
their software to automatically sign.  The harder part of this is to
change it to do anything automatically.  The signature making part is
fairly trivial by comparison.  The benefit I want more, of the two, is
the automaticity.  If, for whatever reason, actual signing can't
happen, I am content with the form of a signature.

   Make a
   new key pair that's used solely for the purpose of signing your
   list mailings.

That's fine, and I agree with the idea as a solution to the insecurity
of keys on a public machine.  I do not, however, feel I need to insist
that everyone do this.

   By the same token, I don't see how this proposal does much to spread
   the Good Word.

1. Crypto-unaware people will see the form and ask what it is.

2. Crypto-aware people will alter their software to do something
automatically.

  2a.  Many, perhaps most, of these people will use real crypto once
auto-something already set up.

Eric





Thread