From: shamrock@netcom.com (Lucky Green)
Date: Sun, 23 Jun 1996 07:01:10 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <v02120d8cadf1df6287ff@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:12 6/22/96, geoff wrote:

>> Further, it makes philisophical/political sense to me to have
>> verification distributed.  Every node should be doing it's own
>> security.
>
>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.

If you think about the issue in more detail, you will realize that having a
third party do signature verification is no more useful than having a third
party do your encryption for you. In other words, not only is it not
useful, it is downright dangerous, since it provides you with a false sense
of security. If someone wishes to bounce messages that don't verify back to
the originator, great. But please do not further add to list traffic by
bouncing these messages to the list.

Thanks,


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.