[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Challenge-response mail filters considered harmful



At 2003-08-04T17:41:37Z, Alan Connor <alanc@kanga.honeypot.net> writes:

Hello, alanc@kanga.  ;-)

> Funny. I know someone who has 2 of those PGP signatures things, neither of
> which use his real name or stats.

What makes you think that my real name is Kirk Strauser?

> He can prove that he is someone he isn't.

That's kind of irrelevant.  What he *can* prove with certainty is that all
of his posts originate from the same entity.  In the same way, I could be
Becky Smith using an alias.  Regardless of my real identity, you know that
any post with my signature was written by *me*.  If you trust this
representation, do you really care if there's an exact correlation to a
real-world identity?

> This fellow isn't even a particularly skilled hacker.

No hacking (of either definition) required.  :)

> He posts on THIS list, which is the source of my amusement.

Do you know how easy it is, Alan, to create a new persona?  Particularly if
you have control over a mailserver so that you can create an infinite number
of real-looking accounts?
-- 
Kirk Strauser

Attachment: pgpe4tSRj7Z6s.pgp
Description: PGP signature


Reply to: