[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shouldn't "toad" messages be signed?




---BEGIN PGP SIGNED MESSAGE---

This message originates at "toad.com" and is hereby signed by the
Cypherpunks Signature Authority:

---BEGIN PGP SIGNED MESSAGE---


It seems clear to me that by the logic of this thread, *all* messages
passing through toad to us should naturally be _signed_. After all,
how do we know if an "approved" message has indeed passed through
toad? Someone else could be spoofing the account.

If we are to place additional trust in toad.com, via the proposed
checking of sigs, then toad itself should sign all messages!

This will produce nested sigs, as I attempted to illustrate above
(apologies if I got the precise syntax wrong). And (at least) two full
sig blocks at the bottom (not illustrated here). At the least, short
messages will become quite a bit longer. 

And will today's tools allow easy extraction of first the toad sig,
then the enclosed sig?

Seems to me that if Eric wants to start encouraging use of sigs, that
a good first start would be for toad to sign all messages.

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay