From: tcmay@netcom.com (Timothy C. May)
Date: Thu, 1 Dec 94 01:57:25 PST
To: jamesd@netcom.com (James A. Donald)
Subject: Re: Warm, fuzzy, misleading feelings
In-Reply-To: <199412010805.AAA27330@netcom16.netcom.com>
Message-ID: <199412010957.BAA23404@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:

(the topic being using ersatz sigs to defeat the sig inspector)

> Actually it is even worse than that:   It is like wearing red
> ribbons to protest AIDS.
> 
> A checker that checked signatures for consistent ID would
> actually promote cryptography.
> 
> A checker that merely checks if a signature looks like 
> a signature merely makes cryptography look stupid, like
> a power ranger suit.

I'm back in agreement with James Donald (Chomsky is spinning).

More that just making crypto look stupid, a game to be played, this
whole "toad will only check that the _form_ of crypto is sort of
present" (caveat: this is short-hand for the case presented) defeats
the whole purpose of user-to-user verfication.

I'm interested in systems which actually allow me to _really verify_
sigs if I have to (not often, I hope, and expect), not get a casual
comment from another system/user that it "appears" that a sig is
attached.

I wasn't kidding earlier today (apologies that I'm reading the later
mail first, as I just got home) when I argued that toad messages ought
to be signed. That is, all traffic from toad. 

If sigs are to be compelled (Note to Eric on a point he made earlier:
a compelled sig is one which is compulsory if a post is not to be
bounced, as per Eric's message about delaying and then eventually
bouncing unsigned messages), which I consider unwise, then such sigs
should *actually be checked*, with the resulting checked messages then
signed by toad/Eric/Hugh/John/whatever.

Anything less than this is actually counterproductive, as it fosters
a non-Cypherpunkish view of placing trust in others to do what
technology allows one to do directly.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay