From: geoff@commtouch.co.il (geoff)
Date: Sun, 23 Jun 1996 04:20:46 +0800
To: cypherpunks@toad.com
Subject: Bad Signatures
Message-ID: <19960622151152974.AAB277@geoff>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Jun 22 18:22:50 1996

On Fri, 21 Jun 1996 10:15:13 "Travis J.I. Corcoran" wrote:

> I use a lisp package for emacs that I wrote to automatically verify
> signatures on incoming mail, so I already see the 10% of messages
> which are improperly signed displayed in a red "bad signature"
> font. Thus, I'd have no need of this service.
>
> Further, it makes philisophical/political sense to me to have
> verification distributed.  Every node should be doing it's own
> security.

I am not convinced. For a mailing list it makes sense for all members 
to be aware of message integrity problems. Not all cypherpunks have 
your lisp package or Pronto Secure which make signature verification of 
the 10-20 pgp signed messages per day on the list a non trivial task.

I also like the idea that cpunks provides as a byproduct a platform for 
developers to test and debug their security products. We really should 
be getting the bugs out of plain text signatures. You cannot expect Joe 
User to differentiate between an intruder and a gateway massaging the
message.

Geoff Klein
Pronto Secure Product Manager
 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMcwPzkLv5OMYFK1FAQH8tgP/Y/Qai5TQj45CGk7U9OdF5BrdycyQpKuE
UfAnlFut/LmgumyiM2wuy6+CPv8mPITAp375rNVx9UxvyRj8Gv8MFfEEuwVFZpNb
WbiWvl2yPBCV/ZBlEdmXJUPhfYto3FFjZX6AwKTMXgHd1j7uW3pBGSW24McEjM2I
aBQ1iDbLUY0=
=Igm9
-----END PGP SIGNATURE-----