[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Warm, fuzzy, misleading feelings
I've been following the dig sig fracas with great interest. While
I can see merit in both sides, the pro-sig argument is weakened
by their endorsement of sig spoofing. If the object is to heighten
awareness of crypto and digital signatures, what possible Good
can follow from setting the example that "cypherpunks simulate
signatures"?
The way I see it, either sign or don't sign, but attaching a
bogus signature block to a message for the sole purpose of pacifying
a mailing list requirement diminishes the significance of crypto
and sullies the image of all who participate.
If sigs are required, then valid sigs should be required. Make a
new key pair that's used solely for the purpose of signing your
list mailings. Any resulting damage to reputations or egos signed
by a pilfered low security key would be no more significant than
a forged message left unsigned.
By the same token, I don't see how this proposal does much to spread
the Good Word. Maybe the sole intent is for the participants to share
in the warm, fuzzy feelings of "doing their part". Like flying a kite
for peace or dumping red paint on an already-dead furry animal carcass,
the primary goal of promoting the proper use of crypto seems less
important here than the _perception_ of promoting it. Not everything
that feels good is good for you.
=D.C. Williams <[email protected]>