[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Warm, fuzzy, misleading feelings

To: [email protected] (James A. Donald)
Subject: Re: Warm, fuzzy, misleading feelings
From: [email protected] (Timothy C. May)
Date: Thu, 1 Dec 1994 01:57:48 -0800 (PST)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "James A. Donald" at Dec 1, 94 00:05:00 am
Sender: [email protected]

James A. Donald wrote:

(the topic being using ersatz sigs to defeat the sig inspector)

> Actually it is even worse than that:   It is like wearing red
> ribbons to protest AIDS.
> 
> A checker that checked signatures for consistent ID would
> actually promote cryptography.
> 
> A checker that merely checks if a signature looks like 
> a signature merely makes cryptography look stupid, like
> a power ranger suit.

I'm back in agreement with James Donald (Chomsky is spinning).

More that just making crypto look stupid, a game to be played, this
whole "toad will only check that the _form_ of crypto is sort of
present" (caveat: this is short-hand for the case presented) defeats
the whole purpose of user-to-user verfication.

I'm interested in systems which actually allow me to _really verify_
sigs if I have to (not often, I hope, and expect), not get a casual
comment from another system/user that it "appears" that a sig is
attached.

I wasn't kidding earlier today (apologies that I'm reading the later
mail first, as I just got home) when I argued that toad messages ought
to be signed. That is, all traffic from toad. 

If sigs are to be compelled (Note to Eric on a point he made earlier:
a compelled sig is one which is compulsory if a post is not to be
bounced, as per Eric's message about delaying and then eventually
bouncing unsigned messages), which I consider unwise, then such sigs
should *actually be checked*, with the resulting checked messages then
signed by toad/Eric/Hugh/John/whatever.

Anything less than this is actually counterproductive, as it fosters
a non-Cypherpunkish view of placing trust in others to do what
technology allows one to do directly.

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: [email protected] with body message of only: 
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay

Follow-Ups:
- Re: Warm, fuzzy, misleading feelings
  - From: [email protected] (Eric Hughes)

References:
- Re: Warm, fuzzy, misleading feelings
  - From: [email protected] (James A. Donald)

Prev by Date: New cypherpunks motto...
Next by Date: Re: Mandatory sig workaround
Prev by thread: Re: Warm, fuzzy, misleading feelings
Next by thread: Re: Warm, fuzzy, misleading feelings
Index(es):
- Date
- Thread