From: Mike Fletcher <fletch@ain.bls.com>
To: cypherpunks@toad.com
Message Hash: 355c653942e93b4bc2cfddf509c9b3c363686b9829edb2027d0c7974bb47166f
Message ID: <9604181451.AA26234@outland.ain_dev>
Reply To: <199604180537.WAA01617@gulch.spe.com>
UTC Datetime: 1996-04-18 19:11:09 UTC
Raw Date: Fri, 19 Apr 1996 03:11:09 +0800
From: Mike Fletcher <fletch@ain.bls.com>
Date: Fri, 19 Apr 1996 03:11:09 +0800
To: cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604180537.WAA01617@gulch.spe.com>
Message-ID: <9604181451.AA26234@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain
> I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives". Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests. Over the past few months my list
Ah, KaNN3d t00Lz: the incompitent kRak3r'z best friend. :)
> Crypto relevance: This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.
But you're presupposing a public key distribution mechanism
such that the list software can get a key for that user. And that
that's a valid key for that user, not a key that J Random kRak3r didn't
just send in for his clueless AOL victim before said victim established
a public key.
At any rate, has something like this been put into the current
PGPdomo? I don't think that it would be too hard to hack in a query
to a web keyserver to grab a key. If the initial request's not
signed, maybe include a note about how to go about getting PGP and
putting a key on the keyserver (or a pointer to instructions on the
web).
---
Fletch __`'/|
fletch@ain.bls.com "Lisa, in this house we obey the \ o.O' ______
404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------
Return to April 1996
Return to “Patrick May <pjm@spe.com>”