[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ADMIN: on penet and on paranoia

Eric Hughes wrote:
>Paranoia is cryptography's occupational hazard.

Yes, that is indeed the nature of it since many of the protocols are
designed to work admist mutually distrusting parties.  A degree of
suspicion/ paranoia is necessary - for example, digital cash.  Another
example, a non-suspicious person may be tricked into digitally signing
anything (by getting them to sign a blinded document).

>the possibility of technical error, and it begins to close off
>examination of technicalities not fully understood.

I understand this: I was allocated an anonymous id which I didn't
intend to request.  So maybe it was a technical error, maybe it was
somebody trying to figure out my id...

in either case the resulting id is useless  

Presumably, the person subscribing to the list received my message,
with the From: field altered to the anonymous id.  Since the message
contained by name and email address, I don't care if the id was
assigned by mistake.

> There must be confidence that the way by which this security becomes
> to be believed is robust and immune to delusion.

Precisely: I beleive my assigned anonymous id to be worthless.

I think I follow most of what you are saying; all the same, in this
case, technical error or not, malicious person or not, the paranoia is
justified.  And beleive me, I haven't invested much time into figuring
this out.

Karl L. Barrus: [email protected]         
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5  3D F3 93 7E 81 B5 CC 32 

"One man's mnemonic is another man's cryptography" 
  - my compilers prof discussing file naming in public directories