[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Timothy C. May: Mini-mailbombs and Warning Letters
-----BEGIN PGP SIGNED MESSAGE-----
Message-Signature-Date: Thu Sep 28 14:13:09 1995
> To: [email protected]
> From: [email protected] (Timothy C. May)
>
> At 6:33 PM 9/27/95, Travis Corcoran wrote:
>
> What I call a robo-warning was this:
>
> " P.S. This mail was composed by my mailreading sftwr, which
> automatically scans incoming mail, looking for failed keyserver
> requests, and prompts me whether it should automatically send this msg
> on my behalf. If there is a bug w this sftwr (for example, you never
> PGP sign your msgs, so this entire msg makes no sense), or if you're
> interested in the software itself (mail-secure.el: a package in lisp
> for emacs; this is just one of the many crypto/privacy related things
> it does) please mail the author of this package ( [email protected])
> for details.
Well, I still don't understand why you call a message that says
1) "I tried too verify a signature"
2) "please mail me your key"
3) "if there's a bug, please mail the author"
a "warning".
I guess we're just using the word "warning" differently...
> As to whether I needed to respond to your robo-warning about how
> your automatic scan of incoming mail produced some kind of
> Signature Failure Condition Red at your end, I just ignored your
> message.
I never stated or implied that anyone "needed to" respond to
query-mail. To the contrary, I said in all seriousness that ignoring
query-mail was "a fine anarchistic solution to the problem".
> As others will attest, when people ask me for my key in a
> non-automated way, I usually send it to them.
Well, I still don't understand your objection to labor-saving software
any more than I understand the lifestyles of the Amish, but that's my
problem, not anyone else's.
> My _overall_ point was not to attack Travis C., who I don't think I
> even mentioned by name, but to point out that great care must be
> taken in running automated mail-response programs
I did not take your comments on mail-secure.el as an attack on myself,
but I did want to defend both the use of labor-saving software and
parts of my particular implementation. Specifically, I defended the
package against incorrect accusations on your part:
1) the query-mail was not a warning
2) the query-mail was not in response to the content of a post
3) the query-mail was not the first method used, but a last-ditch attempt
4) a human is in the loop
5) the keyserver used is not based on some trivial "preference"
However, I do agree whole-heartedly with your above assertion that
"great care must be taken in running automated mail-response
programs". For this reason I have responded to your and other posts
by adding features to the package to make it even less likely to
bother people who don't want to be bothered.
> Finally, since Travis is making a fairly big deal over my citing of
> his post (though anonymously, as I recall), I'd like to see the
> post he claims I signed.
To the very best of my knowledge *I* did not send you a piece of mail
requesting your key...I've had your key in my keyring for over a year.
Further, I am not asserting that I saw a signed message from you any
time recently.
> >If anyone has a constructive suggestion as to how this mail could be
> >changed to convey more information or to be less "threatening", please
> >mail me.
>
> Simple, don't bother to ask in the first place. Or ask informally, in
> ordinary English. Skip the "This mail was composed by my mailreading sftwr,
> which automatically scans incoming mail, looking for failed keyserver
> requests..." nonsense.
Nonsense? It seems to me that the information is useful, for two
reasons:
(1) it alerts the recipient to the semi-automated nature of the mail,
which allows the recipient to prioritize his response (if any)
to it.
(2) it alerts the recipient that incorrect receipt of a key-request
could be caused by a software bug (as opposed to some attempt
to forge email).
(3) it notes the existance of the package, which the recipient might
be interested in (in the same way many cryptography-aware
programs add a comment line to a PGP-signature). By the way,
I have had several people ask for a copy of mail-secure.el after
receiving a key-request from the package, which translates
into several more people encrypting their email and verifying the
messages they receive.
> I don't need some fraction of them running their own "key etiquette
> agents" inspecting my posts for conformance to their preferences.
Once again you're [ willfully ? ] missing the point: etiquette and
preferences have nothing to do with it, and your repeated assertions
to the contrary trivialize the desire of some people to authenticate
messages they receive (which I and others consider to be a reasonable
goal).
- - --
TJIC (Travis J.I. Corcoran) http://www.openmarket.com/personal/tjic/
Member EFF, GOAL, NRA.
opinions (TJIC) != opinions (employer (TJIC))
"Buy a rifle, encrypt your data, and wait for the Revolution!"
PGP encrypted mail preferred. Ask me about gnuslive.el for emacs.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Auto-signed by mail-secure.el 1.002 using mailcrypt
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
iQCVAwUBMGrlu4JYfGX+MQb5AQGiSwP+MMgoog/vmsxKU5Zo17L5ZE3KVlYWsbQ7
9kcVb8d2CLPyAyaU4iNmF5dLwdYyy0reft9jhzQAaZ/1Nm0+9KXGAhT7DdO2nDFT
hGc9KiQ/IYEkkhkRJIRRNkVNGeWclbf9J/ffQUUNBBTBbJkjjwoLFns+GA6D2Qx/
xs8QFel7kvQ=
=6Gyn
-----END PGP SIGNATURE-----