
Re: Challenge-response mail filters considered harmful



> From kirk@strauser.com Mon Aug  4 12:45:09 2003
> 
> 
> 
> At 2003-08-04T17:41:37Z, Alan Connor <alanc@kanga.honeypot.net> writes:
> 
> Hello, alanc@kanga.  ;-)
> 

:-)


> > Funny. I know someone who has 2 of those PGP signatures things, neither of
> > which use his real name or stats.
> 
> What makes you think that my real name is Kirk Strauser?
> 

Don't know and don't care. I assess you by the quality of your posts. If
I NEEDED to verify your identity, I would hire a multi-national personal
investigation firm.


> > He can prove that he is someone he isn't.
> 
> That's kind of irrelevant.  What he *can* prove with certainty is that all
> of his posts originate from the same entity. 

The same interface? The same machine? The same geographical location?

What does "entity" mean?

This fellow is more than a little paranoid (sorry, Mr. X :-) and I'm pretty
sure the NSA would have to work hard at finding him. Radio links are involved.
.......Yeh. I think it's cool to say that.


> In the same way, I could be
> Becky Smith using an alias.  Regardless of my real identity, you know that
> any post with my signature was written by *me*.

That has no meaning to me. What if I were to just copy all of that garbage
on your posts? Wouldn't people then think I was you?


> If you trust this
> representation, do you really care if there's an exact correlation to a
> real-world identity?
> 

Don't trust it for one second. Don't believe that corporations and the 
government can't decode PGP.

Am inclined to think that anyone using PGP signatures is in fact someone else.

*I* wouldn't even consider using PGP signatures.

My friend posts here under two different identities. So what is the point?


> > This fellow isn't even a particularly skilled hacker.
> 
> No hacking (of either definition) required.  :)
> 
> > He posts on THIS list, which is the source of my amusement.
> 
> Do you know how easy it is, Alan, to create a new persona?  Particularly if
> you have control over a mailserver so that you can create an infinite number
> of real-looking accounts?
> 

I exchange encoded mails with a couple of people. We use complex one-time
pads with the originals delivered by hand and kept VERY well hidden. The
en/de-coding is done in a ramdisk on a computer that is never connected
to the internet and sits in a tiny shielded room. (go Debian)
(this is commercial/proprietary stuff).

I KNOW that those communications are secure.


PGP is a farce, in my opinion. I think the government and the corporations,
(as if there was a difference....) have a lot of people fooled.

And I STILL think those signatures are good for nothing but making your
posts hard to read and wasting bandwidth.

Alan


-- 
      For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program. 
         See: http://tinyurl.com/inpd  for the scripts and docs.
     


