[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP posting validation



> >   Robert A. Hayden [[email protected]] wrote:
> 
> Just to verify, I followed up to a previous posting, it wasn't mine 
> originally :-)

	Yep.. sorry about the confusion.. I wiped the first msg.. and
only had your reply to go on.  

	Now on to the topic at hand.

> Please don't take this as confrontational (ie, this is not a flame :-)

	I always associated flames with rash, unfounded accusations..
It's ok to confront.. |-]

> How would requiring that postings made to a list be verifyable be 
> censorship?  What it does is verify that REAL people posted the message 
> and that the person who's address is on the message is actually the person 
> that posted it.

	No, verifying identities [even pseudonyms] is fine.. if you
trust THE LIST.. which is also fine.. but it does leave a gap.
[note: this filter approach is similar to the Clipper chip in that
       it provides a [possibly] false sense of security -- if people
       want to filter what they see, trust in themselves and don't
       filter what other people see]

	  This also eliminates anonymous postings.
Well.. unless the filters are willing to let all messages that
are from people NOT registered with THE LIST thru.. 

> Now, granted, I suppose it could end up dumping some postings because 
> they were forged, and that is sort of censoring.  But it isn't censoring 
> based on content, but based on the fact that it appears to be a forgery.  

	If THE LIST wants to tack on a little note at the top of
every msg saying "VERIFIED AUTHOR WITH LIST DATABASE" then fine..
but don't FILTER it.  

> And by bouncing a message back to the person that posted it, you give 
> them an opportunity to repost (this time signed) in case they forgot.

	a warning from THE LIST, no less.

> Also, as for the filter idea.  If some jerk is posting a message as 
> appearing to come from [email protected], yes, I could add that address 
> to my filter and delete it before i see it, but if the jerk starts 
> posting as coming from [email protected], I'd have to add another filter 
> line.

	If THE LIST can filter msgs by PGP sigs, then so can you.  It
will be no more work for you.

> By doing a check of the digital signature against the posters public key, 
> you eliminate most instances of forgery.  Of course, if the poster's key 
> is compromised, that's a different story.

	By trusting validation to just HAPPEN to your incoming mail
on some remote location is ludicrous.

In conclusion. . .  

	All too often people want to patch a problem and have it go
away.. for everyone.  Why don't we make the solution available to
everybody, not make the solution for everybody.

Nice chatting, Robert.  I'm sure I'll be seeing more.  TTFN.

> ____        Robert A. Hayden          <=> [email protected]

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod                #Don't Come Any Closer Or I'll Encrypt!   -
- [AC/DC] / [DnA][HP]     #Xcitement thru Technology and Creativity -
- [[email protected]] [MindPolice Censored This Bit] -
-         50 19 1C F3 5F 34 53 B7   B9 BB 7A 40 37 67 09 5B         -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-