From: Seth Breidbart (sethb@panix.com)
Date: Sat Oct 13 2001 - 15:35:29 CDT
>> It's easy to fake a signature that will fool anybody whose software
>> doesn't check them, which is just about everybody.
>
> Sadly this problem is even harder than that. To make signing actual
> articles meaningful, you must flag the newsgroup as _only_ allowing articles
> signed by somebody with an appropriately trusted certificate.

Even that isn't good enough.

> That's because even if Seth signs his articles, and even if remote
> servers notice, "Hey, sethb@panix.com signs articles, I am now going
> to insist that any articles from him must be signed" I can still
> post an unsigned article from "sethb@pamix.com (Seth Briedbart)"

Or SethBreidbart@<free-email-provider>, and say something about how my
regular account is down so I'm using that one. You could even get a
valid certificate for it (by challenge-response).

You can't solve a social problem (forgery fooling people) by technical
means.

Seth