[43631] in Cypherpunks
Re: (CANADIAN PRESS REPORTS)
daemon@ATHENA.MIT.EDU (anonymous-remailer@shell.portal.co)
Sat Nov 18 23:47:48 1995
Date: Sat, 18 Nov 1995 20:40:42 -0800
To: cypherpunks@toad.com
From: anonymous-remailer@shell.portal.com

On Sat, 18 Nov 1995, jim bell wrote:
> >anonymous writes:
> >> I still feel such a sense of violation with what LD did, such an
> >> utter sense of helplessness at the character assassination I've
> >> suffered at his hands,
> >
> >So use PGP, sign your messages. Simple solution.
>
> Absolutely! Anybody who uses anonymous remailers to post to public areas,
> and does not use digital signatures to prevent spoofing when it is obviously
> needed, is a fool or worse.

Most people believe THAT a digital signature is evidence that I am who my
signature _says_ I am when it really doesn't do that at all. It isn't
reliable at all.

Unfortunately, I've learned the hard way NOT to do that. Digital
signatures don't prevent spoofing.

In fact, I think that thinking something is secure when it isn't leads
to even more trouble, and could even lead to many tragedies.

In a nutshell, here's the problem.

If someone takes my pgp secret keyring and my password, then they can
sign a message *digitally* so that people believe the spoofed message is
really from me. In fact, since most people tend to rely on a pgp message
far more than a non-pgp message, most people would be absolutely
convinced that the message was in fact from me.

Signing with PGP is just not a solution.

Alice de 'nonymous ...
...just another one of those...

P.S. This post is in the public domain.

C. S. U. M. O. C. L. U. N. E.