Full Disclosure mailing list archives
impersonation
From: full-disclosure () lists netsys com (David Benfell)
Date: Fri, 16 Aug 2002 00:37:39 -0700
--C94crkcyjafcjHxo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 15 Aug 2002 12:24:41 -0600, Charles Stevenson wrote:
Jonathan, =20 On Thu, Aug 15, 2002 at 12:03:27PM -0400, Jonathan Rickman wrote:Yep. Everyone should start signing messages. I think I'll start now...=20 Count me in. =20 peace, core =20
Having been doing this all along, far be it from me to argue. However: [-- PGP output follows (current time: Fri 16 Aug 2002 12:23:20 AM PDT) --] gpg: Signature made Thu 15 Aug 2002 11:24:40 AM PDT using DSA key ID 13B278= 93 gpg: Can't check signature: public key not found [-- End of PGP output --] This makes it difficult to confirm your signature. I would suggest publishing your public keys on public key servers. Also, everyone should be cautioned that Windows virus-checking programs have been known to mistake GnuPG (and I would presume PGP) signatures for virii. As you can imagine, this can lead to grave misunderstandings. So while I'm all in favor of using verifiable cryptographic signatures, doing so may make this list less friendly to those who (sometimes under duress) are using Windows. Finally, given the sort of spam we've been seeing, there's little to stop these children from also signing their messages; so I would suggest the following procedures (without regard to how difficult they might be to actually implement): 1) Moderate subscription requests. Subscription requests must be accompanied by a verifiable cryptographic signature. 2) Only subscribers may post, and all postings must have verifiable cryptographic signatures matching the key used to sign the original subscription request. --=20 David Benfell, LCP benfell () parts-unknown org --- Resume available at http://www.parts-unknown.org/resume.html --C94crkcyjafcjHxo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iQEXAwUBPVyrw3w5zqzgtjVOFAIHZAP9H7yMGGsVj+ohyEsSDPkGDk4CcngKwdur MkAH0BxwtaMjaTdO8j4g5gSuGYDNH6xxNFJBsr9ZDmu8vqMJYWfm0zFCLA3B7qfR 02zHfOng2xOd4sZr7vhbk4qEIg/eu3g+H3EkcL5kok63fZLsJPFWbTOifkTcX1w7 OjFxmTGyGikD/3rrL7ioeV2YlGKNPubZ3YcdAXMvv1abFuCglmvRgOzRsU7XZsOS ata+8Qslw6kq4zsbHoU4Yo8i6qR9idvWdky39Og6qK5Pr9VpOduUGOFAelLCFU8F qS5DrScEYZs3vDc9pHp6/uFO3qSBOmOW5IcEdvlzujtHhuFNlFw3ctND =pgSa -----END PGP SIGNATURE----- --C94crkcyjafcjHxo--
Current thread:
- impersonation Alan Rouse (Aug 15)
- impersonation Raymond Morsman (Aug 15)
- impersonation Jonathan Rickman (Aug 15)
- impersonation Charles Stevenson (Aug 15)
- impersonation David Benfell (Aug 16)
- impersonation Charles Stevenson (Aug 15)
- impersonation Nexus (Aug 15)
- impersonation Gary E. Miller (Aug 15)