From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: fac0304bfa5b7d4b919a1eda09bbaf4761644e74966d1838f454b2e4fb0da641
Message ID: <199511190440.UAA01341@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-11-19 04:52:55 UTC
Raw Date: Sun, 19 Nov 1995 12:52:55 +0800
From: anonymous-remailer@shell.portal.com
Date: Sun, 19 Nov 1995 12:52:55 +0800
To: cypherpunks@toad.com
Subject: Re: (CANADIAN PRESS REPORTS)
Message-ID: <199511190440.UAA01341@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
On Sat, 18 Nov 1995, jim bell wrote:
> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands,
> >
> >So use PGP, sign your messages. Simple solution.
>
> Absolutely! Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.
Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all. It isn't
reliable at all.
Unfortunately, I've learned the hard way NOT to do that. Digital
signatures don't prevent spoofing.
In fact, I think that thinking something is secure when it isn't leads
to even more trouble, and could even lead to many tragedies.
In a nutshell, here's the problem.
If someone takes my pgp secret keyring and my password, then they can
sign a message *digitally* so that people believe the spoofed message is
really from me. In fact, since most people tend to rely on a pgp message
far more than a non-pgp message, most people would be absolutely
convinced that the message was in fact from me.
Signing with PGP is just not a solution.
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.
Return to November 1995
Return to “James Black <black@eng.usf.edu>”