1996-01-31 - On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)

Header Data

From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Message Hash: 7d7981eb9e778a237a5c4c2f05ae90d79877d5da2085839b8d31ba3f396354c3
Message ID: <960130.060958.4c1.rnr.w165w@sendai.cybrspc.mn.org>
Reply To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com>
UTC Datetime: 1996-01-31 04:53:28 UTC
Raw Date: Wed, 31 Jan 1996 12:53:28 +0800

Raw message

From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 31 Jan 1996 12:53:28 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com>
Message-ID: <960130.060958.4c1.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


In list.cypherpunks, nsb@nsb.fv.com writes:

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

You are incorrect.  Keys can always be obtained, and signatures can be
verified at any time.  But an unsigned message can _never_ be verified
as to its origin.

You may not have my key, but I still sign this message (as I have signed
all my net traffic for over 3 years).  I do this to protect the
reputation capital I've built up.

> PS -- On the off chance that anyone really doubts this is me, I will
> shortly send cypherpunks a message that has my own voice AND a PGP
> signature thereupon.  That way, you can check my identity if you either
> recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB

Sheesh, yourself, Nathaniel (if that _is_ your True Name).  You're
showing a real attitude here, as though your reputation alone should be
enough to convince us of your messages' validity.  A malicious attacker
would be likely to bluster this way to deflect discovery of hir ruse.
We're all nyms on the net.  And yours wears no armor.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

Version: 2.6.2