Re: net.welfare approaching
-----BEGIN PGP SIGNED MESSAGE-----
<Stay-Puft Marshmallow Man Endangerment mode _engaged_,
for the first time in a while>
Christian Douglas Odhner writes:
> Why should we splatter the list with 'flagged' messages
It's entirely unclear to me how adding a line or two to the header of each
list message could possibly be construed as splattering anything. At least, I
didn't see any mention of the scheme involving mailing of form letter
advisories to the list for each invalid dig sig, accompanied by an increase in
DEFCON.
> so that the small percentage of us who don't (ever) check sigs
              ~~~~~~~~~~~~~~~~
What's your evidence for this ? I'm inclined to doubt this, but I can't see
any empirical point to which anyone could point.
> will have some way of knowing that
> something was signed? As my father used to say, "The lord helps those
> who help themselves. Let us go now and do likewise."
(I would have been out the door within the first few words. YMMV. ;)
> This seems a little too much like a bit of net.welfare approaching.
Oh, puhleeeze ! I sincerely hope that was sarcastic, but I don't believe it
was. Automated checking of digital signatures by mailing list management
software constitutes a form of *welfare* in your book ??? Why should we be
so pampered with an automated mailing list, anyway ? If we were really K00L,
we'd have to pursue the list traffic actively on the net, ideally with a
homemade packet sniffer. If you can't design and build your car from scratch,
you shouldn't be allowed to drive it. Oh, you must have stress-tested the
parts yourself, too.
> Added to that, it would
> be easy enough to hack toad, or somewhere just 'upstream' of toad, and
> edit out the 'bad sig' flags from selected messages,
Feel free to be an 3L33T HAK'R D00D, but I'll cheerfully middle-digit you if
you try to tell me I have to code everything in assembly language.
> All in all, I think it's too much trouble (for the list admins mostly,
Eric, the list admin, seems to be by far the most enthusiastic campaigner for
this plan to date.
[...]
> for a false sense of security.
Are you saying you know a convenient way to forge, say, PGP signatures ?
If not, I don't understand your claim here.
<Stay-Puft Marshmallow Man Endangerment mode _disengaged_>
Personal anecdote time: I've been trying to promote the use of dig sigs at my
site. I happen to be in charge of sending a broadcast message each Monday
morning to announce the dept.'s official weekly coffee rendezvous. I pretty
much have carte blanche w.r.t. the content of the messages, which means I
have to restrain myself mightily from ramming my foot down my own throat.
Anyway, when I started PGP-signing all my mail a few weeks ago, I naturally
began to sign these broadcast messages. Sure enough, I've received more
feedback and curious queries about the signatures than anything else I've ever
written. The short point of this overlong narrative is that leading by
example can have a significant effect, and shouldn't be dismissed lightly as
a means of raising crypto awareness.
Reiterating, I eagerly support the notion of automatic dig sig validation by
the list software. Right now, I'd mostly like to see an end to this torrent
of meta-mail on the list about delaying unsigned messages. Perhaps we could
delay all messages *about* delaying unsigned messages ;}
- -L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
-----END PGP SIGNATURE-----