From: tcmay@netcom.com (Timothy C. May)
To: jamesd@netcom.com (James A. Donald)
Message Hash: 30e9e01dfaf97433a6770207ef8662b2b32afe85646dd8fe5bdea7409dd85485
Message ID: <199412010957.BAA23404@netcom3.netcom.com>
Reply To: <199412010805.AAA27330@netcom16.netcom.com>
UTC Datetime: 1994-12-01 09:57:25 UTC
Raw Date: Thu, 1 Dec 94 01:57:25 PST
From: tcmay@netcom.com (Timothy C. May)
Date: Thu, 1 Dec 94 01:57:25 PST
To: jamesd@netcom.com (James A. Donald)
Subject: Re: Warm, fuzzy, misleading feelings
In-Reply-To: <199412010805.AAA27330@netcom16.netcom.com>
Message-ID: <199412010957.BAA23404@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
James A. Donald wrote:
(the topic being using ersatz sigs to defeat the sig inspector)
> Actually it is even worse than that: It is like wearing red
> ribbons to protest AIDS.
>
> A checker that checked signatures for consistent ID would
> actually promote cryptography.
>
> A checker that merely checks if a signature looks like
> a signature merely makes cryptography look stupid, like
> a power ranger suit.
I'm back in agreement with James Donald (Chomsky is spinning).
More that just making crypto look stupid, a game to be played, this
whole "toad will only check that the _form_ of crypto is sort of
present" (caveat: this is short-hand for the case presented) defeats
the whole purpose of user-to-user verfication.
I'm interested in systems which actually allow me to _really verify_
sigs if I have to (not often, I hope, and expect), not get a casual
comment from another system/user that it "appears" that a sig is
attached.
I wasn't kidding earlier today (apologies that I'm reading the later
mail first, as I just got home) when I argued that toad messages ought
to be signed. That is, all traffic from toad.
If sigs are to be compelled (Note to Eric on a point he made earlier:
a compelled sig is one which is compulsory if a post is not to be
bounced, as per Eric's message about delaying and then eventually
bouncing unsigned messages), which I consider unwise, then such sigs
should *actually be checked*, with the resulting checked messages then
signed by toad/Eric/Hugh/John/whatever.
Anything less than this is actually counterproductive, as it fosters
a non-Cypherpunkish view of placing trust in others to do what
technology allows one to do directly.
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
Return to December 1994
Return to “werewolf@io.org (Mark Terka)”