[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bad Signatures
-----BEGIN PGP SIGNED MESSAGE-----
To: [email protected]
Date: Sat Jun 22 18:22:50 1996
On Fri, 21 Jun 1996 10:15:13 "Travis J.I. Corcoran" wrote:
> I use a lisp package for emacs that I wrote to automatically verify
> signatures on incoming mail, so I already see the 10% of messages
> which are improperly signed displayed in a red "bad signature"
> font. Thus, I'd have no need of this service.
>
> Further, it makes philisophical/political sense to me to have
> verification distributed. Every node should be doing it's own
> security.
I am not convinced. For a mailing list it makes sense for all members
to be aware of message integrity problems. Not all cypherpunks have
your lisp package or Pronto Secure which make signature verification of
the 10-20 pgp signed messages per day on the list a non trivial task.
I also like the idea that cpunks provides as a byproduct a platform for
developers to test and debug their security products. We really should
be getting the bugs out of plain text signatures. You cannot expect Joe
User to differentiate between an intruder and a gateway massaging the
message.
Geoff Klein
Pronto Secure Product Manager
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBMcwPzkLv5OMYFK1FAQH8tgP/Y/Qai5TQj45CGk7U9OdF5BrdycyQpKuE
UfAnlFut/LmgumyiM2wuy6+CPv8mPITAp375rNVx9UxvyRj8Gv8MFfEEuwVFZpNb
WbiWvl2yPBCV/ZBlEdmXJUPhfYto3FFjZX6AwKTMXgHd1j7uW3pBGSW24McEjM2I
aBQ1iDbLUY0=
=Igm9
-----END PGP SIGNATURE-----