From: Brad Templeton (brad@templetons.com)
Date: Thu Jul 16 1998 - 21:46:00 CDT
On Fri, Jul 17, 1998 at 12:13:06PM +1000, ? the Platypus {aka David Formosa} wrote:
> On Fri, 10 Jul 1998, Brad Templeton wrote:
>
> > On Fri, Jul 10, 1998 at 11:13:08AM -0400, Dave Barr wrote:
>
> [...]
>
> > > Indeed, why are we using signatures, which downstream sites can
> > > simply strip off, leaving them vulnerable to cancels?
>
> [...]
>
> > If articles are to be signed, they must all be signed, that's correct.
>
> Not realy. There are pleanty of respected peaple in sci.crypt who beleave
> that signing everything is not a very smart thing to do. Thay advocate
> signing importent stuff only.
It's a tremendously lower level of security. It means all you can tell
is that if you see a signed article, you know who wrote it. It doesn't,
without a lot of overhead, stop people from forging as that person at all,
and even with the overhead (keeping lists of people who sign), doesn't stop
it totally.
It's not zero added value, but it's close, compared to the higher level
you can get when all are signed -- no forgeries, no fake cancels, control
of a group ranging all the way from open to moderated, any any level in
between.