From: anonymous-remailer@shell.portal.com
Date: Sun, 19 Nov 1995 12:52:55 +0800
To: cypherpunks@toad.com
Subject: Re: (CANADIAN PRESS REPORTS)
Message-ID: <199511190440.UAA01341@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 Nov 1995, jim bell wrote:

> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands, 
> >
> >So use PGP, sign your messages.  Simple solution.
> 
> Absolutely!  Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.

Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all.  It isn't
reliable at all. 

Unfortunately, I've learned the hard way NOT to do that.  Digital 
signatures don't prevent spoofing.

In fact, I think that thinking something is secure when it isn't leads 
to even more trouble, and could even lead to many tragedies.

In a nutshell, here's the problem.

If someone takes my pgp secret keyring and my password, then they can 
sign a message *digitally* so that people believe the spoofed message is 
really from me.  In fact, since most people tend to rely on a pgp message 
far more than a non-pgp message, most people would be absolutely 
convinced that the message was in fact from me.

Signing with PGP is just not a solution.



Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.