[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cypherpunk Certification Authority

To: [email protected]
Subject: Cypherpunk Certification Authority
From: [email protected]
Date: Tue, 28 Nov 1995 06:00:10 -0800
Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 Nov 1995, an impostor posing as Alice de 'nonymous wrote:

> On Sun, 26 Nov 1995, Perry E. Metzger wrote:
> 
> > Someone spoofing Alice, who is either Detweiler or "Dr." Cohen, says:
> > > I have never signed any of my posts to this mailing list and frankly have
> > > no intention of beginning at this point.
> > 
> > Well, signed Alice posts have shown up, so we will just have to assume
> > that the above was a spoof and that the signed Alice posts are the
> > real ones, now won't we?
> 
> Perry.  Normally I try my best to ignore you.
> 
> But I will simply repeat, I have never signed a post, and have no 
> intention of beginning to sign any posts, until I establish a secure 
> machine in a secure complex that is dedicated to that purpose.

This insistence on not making use of authentication tools at the same
time as whining about people spoofing you is what caused me to assume
your identity.  You were given ample warning.

Consider it a demonstration of why you should do just what you are
stubbornly refusing to do: generate yourself a damn key!

It is the best way to ensure a persistent persona whilst retaining
anonymity.

> I like to think that I take my security somewhat seriously.

For a purportedly security conscious impostor, you sure are reluctant
to make use of simple authentication tools.  Your risk assesment is
seriously out of whack too.

You do *not* need a secure machine to improve the level of
authentication of your posts: signing your posts would provide better
authentication than no authentication, even if the machine is not
tempest shielded, nor in a secure installation.

Finding your machine (we don't know remember), and installing a kernel
patch to catch your passphrase as it is typed in, or snag it from PGPs
core image is much harder to achieve, even if you are using a multi
user system.

PGP signing your post will give a much better authentication than
people who post from known email addresses; forgeries, and machine
breakins are not that hard to effect.

> And I would ask whoever DID post the PGP key under my name, to please
> issue a revocation certificate.

Oh so you do care about authentication :-)

An offer: you post your own key, and I'll post a revocation.

You might find that people take you more seriously once they know they
are talking to a persistent persona.

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMLsT3obu8OQjKS7RAQE62gQAoTxWo6Dipa1bZeNi5NygZ/9CLJ2pn44s
KN2TFWY0n1KPC4tibEM88GOI7vHCCLE8t/XQ2zx5YArjd/7toCidAlUY07vQ6ums
sL4J8oV4JDKdpq9WTWaTS/unBww8qBJRVDBHigtiOneIkmu6kfuBEh0JR+a5plfQ
00GQ4SfcyBk=
=SAXZ
-----END PGP SIGNATURE-----

Prev by Date: Re: A random-noise sampling device for DOS
Next by Date: Re: towards a theory of reputation
Prev by thread: Re: Cypherpunk Certification Authority
Next by thread: Cypherpunks article in The Nando Times
Index(es):
- Date
- Thread