[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)



-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, [email protected] writes:

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

You are incorrect.  Keys can always be obtained, and signatures can be
verified at any time.  But an unsigned message can _never_ be verified
as to its origin.

You may not have my key, but I still sign this message (as I have signed
all my net traffic for over 3 years).  I do this to protect the
reputation capital I've built up.

> PS -- On the off chance that anyone really doubts this is me, I will
> shortly send cypherpunks a message that has my own voice AND a PGP
> signature thereupon.  That way, you can check my identity if you either
> recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB

Sheesh, yourself, Nathaniel (if that _is_ your True Name).  You're
showing a real attitude here, as though your reputation alone should be
enough to convince us of your messages' validity.  A malicious attacker
would be likely to bluster this way to deflect discovery of hir ruse.
We're all nyms on the net.  And yours wears no armor.
- -- 
Roy M. Silvernail --  [email protected] will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4PVhvikii9febJAQHqSgP/YTCBuPGD3yKEGQo6oYzr0gfxIs2MJFCB
xJnSS84g4n6yxSz9u8Ffkq/BHsiRA6eFBuIhLdn0nsMORiEneXGadT+Of9+qvZXA
kfr47lC01uZLfldc8CH5gJG3bc4860nz4z4YhNDW1+3jRkKN2Gzp5V1YWKWvTuIl
kKw4L4ZYZCk=
=rkJ/
-----END PGP SIGNATURE-----