
Re: Challenge-response mail filters considered harmful

On Tue, 5 Aug 2003 14:39:27 -0700
Alan Connor <alanc@localhost> wrote:
> > >     He does.  In fact he purports that C-R is a better defense than PGP.
> No. I didn't ever say anything like that.

    Alan, there's one thing I absolutely cannot stand and that is a liar.

Message-ID: <20030804200148.GA1101@earthlink.net>
"That has no meaning to me. What if I were to just copy all of that garbage
on your posts? Wouldn't people then think I was you?


Don't trust it for one second. Don't believe that corporations and the 
government can't decode PGP.

Am inclined to think that anyone using PGP signatures is in fact someone else.

*I* wouldn't even consider using PGP signatures.

My friend posts here under two different identities. So what is the point?"

"PGP  is a farce, in my opinion. I think the government and the corporations,
(as if there was a difference....) have a lot of people fooled.

And I STILL think those signatures are good for nothing but making your
posts hard to read and wasting bandwidth."

Message-ID: <20030802203755.GA1450@earthlink.net>
"What a lot of people don't understand, is that CR programs protect THEM.
With a regular spamblocking program, anyone can use YOUR address and cause
How would you like it if someone sent kiddie porn to a thousand people and
used your address in the From, From: Reply-To: and Return-Path: headers ???

This happens, with a thousand variations, ALL the time. 

With a CR system, a person wouldn't even see the mail, and when YOU received
the CR  you would know something was wrong and contact the person who sent
the CR to you. If they are like me, they save the headers of mail that doesn't
come from anyone on their passlist, and you could then have a copy of them
for your records. You could then contact the ISPs on the headers and get their
abuse hounds on the track, and leave a public record that proves your
innocence. "

    Look at the two statements.  In the first message you basically state that
PGP is incapable of protecting one's identity.  In the second message you state
that C-R protects one's identity because they get the challenges and are able
to then take action.

> There are conventions. Maximum of 4 line sigs, for one thing. That one is
> hard-coded into SLRN, although you can disable it.

    That is for the human readable signature.  The machine signature came
after that and is generally accepted as a good thing.
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
	                       |    -- Lenny Nero - Strange Days

Attachment: pgpvbokrr3Bq9.pgp
Description: PGP signature
