[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ADMIN: Shall we sign?

To: [email protected]
Subject: ADMIN: Shall we sign?
From: [email protected] (Timothy C. May)
Date: Sun, 24 Oct 93 23:06:53 PDT

*********************************************************************
*******THIS MESSAGE HAS BEEN SIGNED BY "TIM'S REALLY NEAT SYSTEM"****
*********************************************************************

I see some problems, for me at least:

1. I run MacPGP home machine, and using it is a boring and
time-consuming prcess. Many of you know about this. (Ironically, it's
more secure for me to run it on my home machine, instead of on Netcom,
but it means a lot more work.)

2. I also have plain old PGP running on one of my DOS laptops, and I
sometimes use RSADSI's "MailSafe" on this, even to sign. (But not
often, that's for sure.)

3. For quick responses, where response time is more important anyway,
I cannot see jumping through all these hoops. Ironic, isn't i?

4. If the signatures are not to be verified, or even to be looked at
very closely, then the situation presented at the beginning of this
message will flourish: phony sigs to beat the delay. 

5. Eric alluded to such proliferation being a Good Thing. I think not,
as it will trivialize real sigs and will in some sense turn digital
sigs into a kind of running joke on the list. Not a good thing, in my
view.

6. The sitiuation with L. Dettweiler and S. Boxx, tragicomic as it
was, would not have been materially affected. Both would have "signed"
their messages in some way  and what would then have been
accomplished? (In some sense, both _were_ signed: Dettweiler by the
origin of his message and the hard-to-spoof 
"an12070" (or whatever) that S. Boxx used.)

While I'm not sure if the LD/S.Boxx situation, and the general claims
of "pseudospoofing" are motivating Eric's idea, I certainly don't see
a system of "weak" digital sigs (weak meaning no real checking) doing
anything.

7. Finally, I have yet to see any serious evidence that this so-called
pseudospoofing is going on, that is, that people are pretending to be
others. I know Dettweiler _thinks_ that I am using the nyms of Jamie
Dinkleacker, Nick Szabo,  and others, but this is arrant nonsense.
(And to repeat the obvious, as noted above, if I _were_ using other
identities in this way, digitally signing the messages would be
trivial and would in fact create a false sense of security, as others
have also noted.).

I've never seen anyone else claim to be me, at least not seriously,
nor have I ever suspected such pseudospoofing is actually going on.

--Tim

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

Follow-Ups:
- Re: ADMIN: Shall we sign?
  - From: Eli Brandt <[email protected]>

Prev by Date: Re: Net Regulation
Next by Date: Re: Net Regulation
Prev by thread: Chris Odhner?
Next by thread: Re: ADMIN: Shall we sign?
Index(es):
- Date
- Thread