[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (CANADIAN PRESS REPORTS)
- To: [email protected]
- Subject: Re: (CANADIAN PRESS REPORTS)
- From: [email protected]
- Date: Sat, 18 Nov 1995 20:40:42 -0800
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
- Sender: [email protected]
On Sat, 18 Nov 1995, jim bell wrote:
> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands,
> >So use PGP, sign your messages. Simple solution.
> Absolutely! Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.
Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all. It isn't
reliable at all.
Unfortunately, I've learned the hard way NOT to do that. Digital
signatures don't prevent spoofing.
In fact, I think that thinking something is secure when it isn't leads
to even more trouble, and could even lead to many tragedies.
In a nutshell, here's the problem.
If someone takes my pgp secret keyring and my password, then they can
sign a message *digitally* so that people believe the spoofed message is
really from me. In fact, since most people tend to rely on a pgp message
far more than a non-pgp message, most people would be absolutely
convinced that the message was in fact from me.
Signing with PGP is just not a solution.
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.