1996-01-17 - Re: A weakness in PGP signatures, and a suggested solution (long)

Header Data

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
To: ckey2@eng.ua.edu
Message Hash: abf13615673e82dac11b4104f45f497883cef4b0c8c207404b5dce6f57d5f73b
Message ID: <01I038C6R8X2A0UHYW@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-01-17 08:56:04 UTC
Raw Date: Wed, 17 Jan 1996 16:56:04 +0800

Raw message

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Jan 1996 16:56:04 +0800
To: ckey2@eng.ua.edu
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
Message-ID: <01I038C6R8X2A0UHYW@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: ckey2@eng.ua.edu (Christopher R. Key)

> First of all, if the recipient is a newsgroup, why would that particular
> information need to be part of the signed information?  If you post to a
> newsgroup a message that is only signed (as opposed to encrypted also),
> then you are obviously not worried about who reads it.  The signature is
> only a method of proving that the important text (message) is unchanged and
> intact, and that the person who it is supposed to be from is the same who
> signed it.
--------------
     How about proving that you _weren't_ spamming? I.e., an enemy spots a
message on a newsgroup from you with a signature, then duplicates it with
header modifications on 500 newsgroups including news.admin.net-abuse.misc
(to add insult to injury). Sorry if a bunch of other people have pointed this
out by the time my message gets to toad.com, but...
     -Allen
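
The exchange above turns on which bytes a signature covers. As an added example that is not part of the original message, the Python sketch below verifies the same article under a body-only signature and under one that also covers the Newsgroups header. It does not use PGP: the toy unpadded RSA key, the canonical form of the header, the helper names and the sample group `alt.test` are all assumptions made for the illustration.

```python
import hashlib

# Constructed toy key: unpadded textbook RSA over two Mersenne primes.
# Insecure; it only stands in for a PGP signing key in this illustration.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def signed_bytes(article: dict, bind_destination: bool) -> bytes:
    """Bytes the signature covers: body only, or Newsgroups header plus body."""
    if not bind_destination:
        return article["body"].encode()
    groups = ",".join(sorted(g.strip().lower() for g in article["newsgroups"].split(",")))
    return f"Newsgroups: {groups}\n\n{article['body']}".encode()

def post(newsgroups: str, body: str, bind_destination: bool) -> dict:
    article = {"newsgroups": newsgroups, "body": body}
    article["sig"] = pow(digest(signed_bytes(article, bind_destination)), D, N)
    return article

def verify(article: dict, bind_destination: bool) -> bool:
    """Check the signature against the headers the article arrived with."""
    return pow(article["sig"], E, N) == digest(signed_bytes(article, bind_destination))

def recopy(article: dict, newsgroups: str) -> dict:
    """Same body and signature under a different Newsgroups header."""
    return {**article, "newsgroups": newsgroups}

def demo() -> tuple:
    body = "Constructed sample article body.\n"
    home = "alt.test"  # constructed sample group
    elsewhere = "news.admin.net-abuse.misc"
    weak = post(home, body, bind_destination=False)
    bound = post(home, body, bind_destination=True)
    return (
        verify(weak, False), verify(recopy(weak, elsewhere), False),
        verify(bound, True), verify(recopy(bound, elsewhere), True),
    )

if __name__ == "__main__":
    print(demo())
```

With the body-only signature the recopied article still verifies; once the Newsgroups header is part of the signed bytes, the copy with the changed header fails verification.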




