Re: Shouldn't "toad" messages be signed?

[eric@remailer.net (Eric Hughes)]

   From: tcmay@netcom.com (Timothy C. May)

   It seems clear to me that by the logic of this thread, *all* messages
   passing through toad to us should naturally be _signed_. 

Perhaps someone else's logic.  Not mine.

I'm not talking about putting cryptographic material on toad.  There
are not only key distribution problems (for sig checking) but also
security problems (for sig making).  I've stated clearly two or three
times now that I was planning to use syntactic and not cryptographic
recognition.

   After all,
   how do we know if an "approved" message has indeed passed through
   toad? Someone else could be spoofing the account.

This is specious.  The server exists as a communication mechanism, not
as an authentication mechanism.  Were the list restricted, either in
acceptance or in transmission, it would have authentication properties.
It's not, and it doesn't.

   This will produce nested sigs, as I attempted to illustrate above
   (apologies if I got the precise syntax wrong). 

The precise syntax doesn't matter.  The nesting problem is a weakness
in PGP, which can't add on a second signature to the block at the
bottom of a clearsigned message.

   And will today's tools allow easy extraction of first the toad sig,
   then the enclosed sig?

I doubt it.  On the other hand, my original proposal was to encourage
the _making_ of signatures, not their checking.  If you insist that my
proposal includes checking as a basic element, you'll be arguing
against a straw man.

   Seems to me that if Eric wants to start encouraging use of sigs, that
   a good first start would be for toad to sign all messages.

What Eric wants to very specifically encourage is the making of
signatures on outgoing posts.  Anything else is a bonus, not a premise
to find inconsistency in.

Eric