On Sat, 18 Nov 1995, jim bell wrote:

> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands, 
> >
> >So use PGP, sign your messages.  Simple solution.
> Absolutely!  Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.

Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all.  It isn't
reliable at all. 

Unfortunately, I've learned the hard way NOT to do that.  Digital 
signatures don't prevent spoofing.

In fact, I think that thinking something is secure when it isn't leads 
to even more trouble, and could even lead to many tragedies.

In a nutshell, here's the problem.

If someone takes my PGP secret keyring and my password, then they can 
sign a message *digitally* so that people believe the spoofed message is 
really from me.  In fact, since most people tend to rely on a PGP message 
far more than a non-PGP message, most people would be absolutely 
convinced that the message was in fact from me.

Signing with PGP is just not a solution.

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.