[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP posting validation
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 16 Jan 1994, DrZaphod wrote:
> Robert A. Hayden [[email protected]] wrote:
Just to verify, I followed up to a previous posting, it wasn't mine
originally :-)
>
> > > Here's my two cents' worth- how about a filter on incoming mail to the list
> > > that performs these functions:
> > > 1) check the incoming post for a PGP signature
> > > 2) If a sig is found, check it against the list's public keyring
>
> Hmm.. this would allow us to prove that THE LIST thinks he's
> who he says he is.. or who THE LIST tells us he is.. Now, I am not
> paranoid against THE LIST, but I suggest that THE PEOPLE should
> not filter THEIR thoughts. What of censorship [on an aside, is there
> a censor apprenticeship? Why the 'ship?']!? If you must censor..
> censor your own messages with filters running on your own machine..
> maybe even publish your filter list to the net so we can all understand
> each other. Remember that there will always be a percentage of noise
> in any public forum.. there is no average without these outliers.
> For a group SO interested in RANDOM numbers, some people sure do want
> to organize everything. TTFN.
Please don't take this as confrontational (ie, this is not a flame :-)
How would requiring that postings made to a list be verifyable be
censorship? What it does is verify that REAL people posted the message
and that the person who's address is on the message is actually the person
that posted it.
Now, granted, I suppose it could end up dumping some postings because
they were forged, and that is sort of censoring. But it isn't censoring
based on content, but based on the fact that it appears to be a forgery.
And by bouncing a message back to the person that posted it, you give
them an opportunity to repost (this time signed) in case they forgot.
Also, as for the filter idea. If some jerk is posting a message as
appearing to come from [email protected], yes, I could add that address
to my filter and delete it before i see it, but if the jerk starts
posting as coming from [email protected], I'd have to add another filter
line.
By doing a check of the digital signature against the posters public key,
you eliminate most instances of forgery. Of course, if the poster's key
is compromised, that's a different story.
____ Robert A. Hayden <=> [email protected]
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> To flame me, log on to ICBMnet and
\/ Finger for PGP 2.3a Public Key <=> target 44 09' 49" N x 93 59' 57" W
- -=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLTnJ/53BsrEqkf9NAQEUNgP/ZcToPpXmZ1LodtlMUi3xibxppUEAKv5H
czC97H08Lewk+E9Ss2eRjJWWfMsqTE7Yo1o7iAD+aB6dhrpSLNJ4XuTLD/Z8SWO2
OeWZTgSp1gwAbqrQBRyIkq0Ocu5GgI9bURzqoSfUQ6s1sPi8fSqICghG0vV5sXYd
IFqoEJQSTPc=
=sIKV
-----END PGP SIGNATURE-----