
Re: Bad Signatures



At 3:12 PM 6/22/96, geoff wrote:

>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
>
>I also like the idea that cpunks provides as a byproduct a platform for
>developers to test and debug their security products. We really should
>be getting the bugs out of plain text signatures. You cannot expect Joe
>User to differentiate between an intruder and a gateway massaging the
>message.
>
>Geoff Klein
>Pronto Secure Product Manager

Trusting others to perform cryptographic functions (encryption, decryption,
signing, signature verification, etc.) is counter to the usual notions of
security.

Of course, people are free to ask others to do cryptographic functions for
them, to tell them which signatures are valid, and which are not. It's a
free society, after all.

However, I think there's already enough traffic on this list without having
"bounce" messages chastising folks for having signatures that for one
reason or another failed their tests. (Could be munging at _their_ end, for
example.)

Those who want to compile lists of "bad signatures," as determined by their
tests, could include a pointer to a URL at their site which says something
like "A list of suspected bad or improperly-formed signatures may be found
at hyyp://www.key-trust.org"

This heads off having a message with a bad sig generating N more messages
to the list announcing some conclusion or another about the sig. Not
something we need.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."