Re: The Market for Crypto--A Curmudgeon's View
-----BEGIN PGP SIGNED MESSAGE-----
> From: [email protected] (Eric Hughes)
> Let me review the exact proposal. First, a recognizer is set up at
> toad.com to distinguish between digitally signed and unsigned
> messages. Second, some action on the message would be taken, which
> would gradually increase in effect over time. The first action would
> be to add a header to the end of the mail identifying it as unsigned.
> A later action would be to delay the mail at the server for some
> amount of time. A final action would be to delete or bounce messages
> that weren't signed.

Perhaps something a little more useful would be a little more palatable.
I have a feeling that something like the above would sound gratuitous to
many on the list. A better way would possibly be to have some
value-added service offered by the list server which involves encryption
or digital signatures.

Here are a few ideas:

1. What if all messages on the list were themselves signed by
"Cypherpunks List <[email protected]>"? (yeah, I'm reaching here; let
my brain warm up...)

2. Encrypted submission to the list. This could be useful if used in
tandem with remailers, perhaps...

3. Offer anonymization locally. Messages posted this way could appear
as "cypherpunks-reader@somewhere" or something like that. When combined
with remailers and encryption (like #2 above), this could mix things up
with respect to anonymous mail. As another (possible) option, the
remailers could be set to recognize [email protected] and send in
such a way as to use this local anonymizing.

4. Auto-verify signed messages. Put a header at the top of signed
messages such as:

    [Signature verified. ID: Joe Blow <[email protected]>]
    [Bad signature! ID: Joe Blow <[email protected]>]

for tested signatures. This would either require a key registry (where
you register your public key with the list server) or an interface to the
key servers. This would of course imply quite a few changes to the list
server code, as well as possibly non-trivial resources to do the
processing, but hey, social imperatives don't have to answer to reality,
now, do they? (At least they never seem to when the government is
concerned. :-)

Two variants: Strip the signatures after verifying them, and/or marking
unsigned posts in a similar way.

5. Allow the option to encrypt list messages before sending. If we used
#4 above, this could encrypt with the public keys; otherwise, it could
use conventional encryption. This could be a great boon to readers whose
sysadmins might take a dim view of them reading such an antisocial list.
:-) Corollary: allow the option of sending the list, encrypted, through
the remailers as well without requiring a pseudonymous remailer.

I'm sure I could think of more lamebrained ideas given enough time and
motivation. :-)

> I do, however, agree with the other two premises of Tim's
> hypothetical. I do think that crypto isn't being used by enough
> people. I realize that the exact meaning of 'enough' is subjective,
> so let me rephrase. I do think that crypto is being used by fewer
> people than I want. I also believe that setting an example is a good
> thing, because it signals an achievable task to those who are
> considering doing it.

I would agree, though I would suggest that holding out carrots (neat
features you can take advantage of if you encrypt) would work better than
punishments (your posts won't get through as fast if you don't sign your
posts). Does that make me a Puller?

> When I first proposed server actions last year, it was with the full
> realization that I wouldn't be signing my own posts and would thereby
> be subject to the delay (the first-proposed action). This post isn't
> signed either.

This post is. :-) I'm a believer that it serves as effective spoof
insurance. But, then again, I've got a direct Ethernet link to the net
on my Windows box at work and Linux at home, so it's easy for me.
Also, I wasn't even a lurker at that time, so my suggestions may be old
hat. If so, please bonk lightly!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
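
Added example, not part of the original post or of any list-server code: a sketch of the recognizer and the idea #4 status header, which labels a message "verified" only when the clearsign framing wraps the whole body and discards status lines typed by the sender. The function names, the `verify` hook and the "[Unsigned ...]" wordings are assumptions; the two signature wordings are the ones from the post.

```python
import re
from typing import Callable, Tuple

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# Status lines the server writes. The first two wordings come from the post;
# "[Unsigned" is an assumed wording for the "mark unsigned posts" variant.
TAG = re.compile(r"^\[(Signature verified\.|Bad signature!|Unsigned)")

def classify(body: str) -> str:
    """Return 'signed' only if the clearsign framing wraps the entire body."""
    lines = [l.rstrip() for l in body.strip().splitlines()]
    markers = [l for l in lines if l in (BEGIN_MSG, BEGIN_SIG, END_SIG)]
    if not markers:
        return "unsigned"
    # Signed text is dash-escaped, so each marker can occur only once, in this
    # order, with nothing before the first marker or after the last one.
    framed = lines[0] == BEGIN_MSG and lines[-1] == END_SIG
    if markers == [BEGIN_MSG, BEGIN_SIG, END_SIG] and framed:
        return "signed"
    return "partial"

def annotate(body: str, verify: Callable[[str], Tuple[bool, str]]) -> str:
    """Prepend the server's status line. `verify` is a hypothetical hook
    (a wrapper around a PGP implementation) returning (ok, signer_id)."""
    lines = body.splitlines()
    # Drop status lines typed by the sender so only the server's tag is shown.
    while lines and (TAG.match(lines[0]) or not lines[0].strip()):
        lines.pop(0)
    body = "\n".join(lines)
    kind = classify(body)
    if kind == "signed":
        ok, signer = verify(body)
        tag = f"[Signature verified. ID: {signer}]" if ok else f"[Bad signature! ID: {signer}]"
    elif kind == "partial":
        # Text outside the signed block must not inherit a "verified" label.
        tag = "[Unsigned: text found outside the signed block]"
    else:
        tag = "[Unsigned]"
    return tag + "\n" + body

# Constructed sample: a sender-typed status line and extra text around a signed block.
SAMPLE = "\n".join(["[Signature verified. ID: Joe Blow]",
                    "This line was added outside the signed block.",
                    BEGIN_MSG, "", "Meeting is Saturday.",
                    BEGIN_SIG, "", "(constructed armor)", END_SIG])

if __name__ == "__main__":
    print(annotate(SAMPLE, lambda body: (True, "Joe Blow")))
```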