[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bad Signatures
At 3:12 PM 6/22/96, geoff wrote:
>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
>
>I also like the idea that cpunks provides as a byproduct a platform for
>developers to test and debug their security products. We really should
>be getting the bugs out of plain text signatures. You cannot expect Joe
>User to differentiate between an intruder and a gateway massaging the
>message.
>
>Geoff Klein
>Pronto Secure Product Manager
Trusting others to perform cryptographic functions (encryption, decrytion,
signing, signature verification, etc.) is counter to the usual notions of
security.
Of course, people are free to ask others to do cryptographic functions for
them, to tell them which signatures are valid, and which are not. It's a
free society, after all.
However, I think there's already enough traffic on this list without having
"bounce" messages chastising folks for having signatures that for one
reason or another failed their tests. (Could be munging at _their_ end, for
example.)
Those who want to compile lists of "bad signatures," as determined by their
tests, could include a pointer to a URL at their site which says something
like "A list of suspected bad or improperly-formed signatures may be found
at hyyp://www.key-trust.org"
This heads off having a message with a bad sig generating N more messages
to the list announcing some conclusion or another about the sig. Not
something we need.
--Tim May
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."