From: ? the Platypus {aka David Formosa} <dformosa@st.nepean.uws.edu.au>
Date: Sat, 9 Aug 1997 22:53:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: forgeries are good for you (was Re: REPOST : Un-forgeable Cancels)
In-Reply-To: <199708081827.TAA01595@server.test.net>
Message-ID: <Pine.LNX.3.93.970810113545.273E-100000@shirley>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 8 Aug 1997, Adam Back wrote:

[...]

> But that's cool!  Y shouldn't be able to cancel the forgery ... he
> didn't write it.  

[...]

> I mean this seriously.  People should stop misplacing any value on
> From fields.  You need to use digital signatures to recognize
> persistent personas.

This is true but with everthing there is a trade off between securaty and
efficency.  There are many posts on usenet that are just not worth the
cost of checking there sigs.  If I had to depend only on the sig reather
then having the chouse of only checking the sig on susouse posts I
wouldn't be able to read as much usenet as I do.

> (David = David Formosa?)

Yes.

> What's the point of this?  To provide a way to stop unsophisticated
> forgeries without needing NoCeM support in the client? 

Not mean clients have the capsity to issue NoCeMs,  a lower number of
peaple have anough reputation to issue them.

> I guess it would work well enough, but it's really a bit centralised.

Not realy, when finished I will distrabute the sourse.  The hope is that
we will have a number of compeating retraction servers around the world.

> The operator of the retraction server might be over trusted by a lot
> of people.

True.  But building up that type of trust is possable.

> If the operator turns out to be untrustworthy, or whatever, you're out
> of luck.

No you simply more to the other retraction server.  There will be nothing
unqueek about one server then anouther.

> Also break into his machine and steal his secret key and you could
> have a _lot_ of fun.

This is true of cause.

>  And it's only one machine, what if his security isn't up to much.

Its not going to only be one machine.

> Think decentralised.

We are.

- -- 
Please excuse my spelling as I suffer from agraphia see the url in my header. 
Never trust a country with more peaple then sheep.  ex-net.scum and proud
You Say To People "Throw Off Your Chains" And They Make New Chains For
Themselves? --Terry Pratchett

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBM+0dOqQK0ynCmdStAQGU7gP/c9NRABskCeUTF93BhGjEeWVSeKIMG+Ma
TeXXzzKiOcRcUsebBc4smOIprPKmVavwFizH6hmmpr8G8BZZVchaNgCeo1IkeY8w
rdT/WB4i3UUFBVT4l4nToUJPim9GxvNh3YFCK3rkWDza50rrVFN3MFF3FvI2bc1G
7wAgzlMOjX0=
=C/ey
-----END PGP SIGNATURE-----