[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Signing Messages & Other Ramblings



-----BEGIN PGP SIGNED MESSAGE-----

First, I would like to make sure that Eric Hughes knows that by his simple
little push he has gotten someone (me) to install some code for Emacs to
auto-sign messages.  This, with external editing capabilities of Pine,
allow me to sign all my outgoing mail extremely easily.  If anyone would
like help on this, just send me mail, and I can explain how to do it.

L Detweilers obvious disliking towards people not being who they say they
are.  This is an obvious problem with the net.  The net is based on a
model of people trusting everyone else.  Nothing that is posted or or sent
out from net machines has verification on it.  Currently this implies that
the users need to do their own verification.  Creating software that
automatically handles signatures in and out, handles the fact that every
machine but your own is not to be trusted.  Assuming that people are going
to be truthful and nice to you all the time is a nice fantasy, yet it
rarely happens.  It does happen more often on the Net than it does is
"Real-Life" though.

I have spoofed mail before, mostly as a joke among friends.  All of my
"targets" were told sooner or later about the joke.  Because this
information is not new to me, I don't expect all mail to me to be
originating from the person it says it's from.  You must judge incoming
mail, and posts, on their content.  If you have questions about the
content than demand some sort of proof of who they say they are.

People have said they feel "RAPED" when they discover they are talking to
people who aren't who they say they are.  "Raped" is a harsh word, but
chosen obviously for it's violent connotations, even if these connotations
are a bit wrong.

Being the target of "spoofed" mail is like being conned, obviously no one
likes be show that s/he is ignorant.  It hurts, but at the same time, you
shouldn't expect everyone to play by the "honor-system".

When I read mail from people I usually assume it is from the person in the
"From:" line.  But if the mail is something absurd, or controversial, then
I don't automatically assume this.  If for example there was a post from
Hal Finney about the great new digi-cash system that he had implemented
and that it had financial banking from a rich middle eastern country.  I
would probably check the signature, and then even after that I would
probably still wait and see if it was a "black-net" post.

Well, this post has gotten to the length were many people will probably
not read it, so I will stop here, and continue with some other comments
about the new anon-remailer tomorrow.

 -Matt                              | Use the normal means to extract my 
 ([email protected]) | public key for proof of this message

 "That which can never be enforced should not be prohibited."



-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLMs3K+aKxB8nktcBAQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtox
PkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVzui6XaCZmKH68fOWYYySKAz
6hanC0R3seYNhUYhoJViCcCG3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht
sRjLQr4iVVM=
=9wqs
-----END PGP SIGNATURE-----