From: shamrock@netcom.com (Lucky Green)
To: cypherpunks@toad.com
Message Hash: 6ebfb70126aa0058b6c97cf696f5c965186862d3e7132eb06029f8032e637075
Message ID: <v02120d8cadf1df6287ff@[192.0.2.1]>
Reply To: N/A
UTC Datetime: 1996-06-22 23:01:10 UTC
Raw Date: Sun, 23 Jun 1996 07:01:10 +0800
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 23 Jun 1996 07:01:10 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <v02120d8cadf1df6287ff@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain
At 18:12 6/22/96, geoff wrote:
>> Further, it makes philisophical/political sense to me to have
>> verification distributed. Every node should be doing it's own
>> security.
>
>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
If you think about the issue in more detail, you will realize that having a
third party do signature verification is no more useful than having a third
party do your encryption for you. In other words, not only is it not
useful, it is downright dangerous, since it provides you with a false sense
of security. If someone wishes to bounce messages that don't verify back to
the originator, great. But please do not further add to list traffic by
bouncing these messages to the list.
Thanks,
-- Lucky Green <mailto:shamrock@netcom.com>
PGP encrypted mail preferred.
Disclaimer: My opinions are my own.
Return to June 1996
Return to “shamrock@netcom.com (Lucky Green)”
1996-06-22 (Sun, 23 Jun 1996 07:01:10 +0800) - Re: Bad Signatures - shamrock@netcom.com (Lucky Green)