1994-12-01 - Re: “Cyherpunks Named Official Signing Authority”

Header Data

From: “Pat Farrell” <pfarrell@netcom.com>
To: cypherpunks@toad.com
Message Hash: 36be69d0ddea68331e7e80e014ce90e5040af0ea538848fa2d19fc4202c1abec
Message ID: <74242.pfarrell@netcom.com>
Reply To: N/A
UTC Datetime: 1994-12-01 01:41:50 UTC
Raw Date: Wed, 30 Nov 94 17:41:50 PST

Raw message

From: "Pat Farrell" <pfarrell@netcom.com>
Date: Wed, 30 Nov 94 17:41:50 PST
To: cypherpunks@toad.com
Subject: Re: "Cyherpunks Named Official Signing Authority"
Message-ID: <74242.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


This thread is starting to sound a lot like a religious argument.
Lets try to act like adults and hold off on the "did so" "did not"
arguments. If we have to agree to disagree, fine.

Not to point at eric in the above,  this is in response to one of his
messages, and I don't want to increase the volume on the list by using two.


eric@remailer.net (Eric Hughes) writes:

> If the crypto hooks are there for sending mail, you're more than
> halfway there for receiving mail.  And yes, this is also something to
> encourage.
>
> Your argument can be construed to say that since I can't encourage
> signature checking, that I should add that to my list of requirements.
> I've been pretty vocal about my desire for partial benefit short of
> what is possible.  If server actions don't help signature checking,
> OK, well then, they don't, ca va.

There is a key point that is missed here. Lets assume you hack majordomo
so that it pipes messages thru a filter to classify signatures.
We get classes like:
   1)     "gold star: its signed" like this message.
   2)     "silver star: signed by an unknown nym"
   3)     "non-follower alert: unsigned message"
   4)     "unverified key, be _very_ careful"
   5)     "bogus alert: fraud! fake signature" (no one we know
           would do that :-)
and whatever else makes sense.

So the hacked majordomo puts in a new header that classifies the
message according to this taxonomy. It mails/forwards the messages to
the thousands of waiting c'punks. Maybe after a delay or two.

I get the message, look at the header, and say, Hmmm.
Has someone hacked the classification?
Maybe we need to have majordomo sign the message/header
so we know that the true c'punk classifier has verified it?

But then we ask, Hmmm, is this a hacked majordomo? After all, no sane
person will read and manually verify the flood of c'punk messages.
So some daemon is doing it all. And daemons can be hacked.

Pretty soon, we end up with cycles and epicycles, worse than medival
planatary motion theory. Not a winner. I don't see a robust solution,
even granting that Eric et al are smart, hardworking, etc.

anyone else see a solution?

Other than dropping this thread, or sending mail to cypherpunks@c2.org,
of course...

Pat

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLt0hLrCsmOInW9opAQF8MAP9HgyKfRsCo17EujXBJgDrYhYCmlqEf1do
riMON+tKtzFCIgzK4s6kS4t1ULYuLaYIpcI4kulHECi7uJ5dMkkyboqiJpmSP4Zo
IAIQvaLSXX7gHIF1J2dwSuakDDgr8OomHuSCWMsWx+piAX+vY4n/kiAjmmZWYY7k
6O+/twNTba0=
=ZXOx
-----END PGP SIGNATURE-----

Pat Farrell      Grad Student                 pfarrell@cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>





Thread