From: Brad Templeton (brad@templetons.com)
Date: Mon Oct 15 2001 - 14:59:28 CDT
On Mon, Oct 15, 2001 at 10:32:38AM -0700, Benjamin Franz wrote:
> On Fri, 12 Oct 2001, Brad Templeton wrote:
>
> > On Fri, Oct 12, 2001 at 12:25:55PM +0200, Ralph Babel wrote:
> > > Brad Templeton wrote:
> > >
> > > > If somebody forges an article in my name,
> > > > I should be able to cancel it quickly and easily.
> > >
> > > Sign your articles. Then there's
> > > no need to cancel forgeries later.
> >
> > Alas, that doesn't work, which is why preventing forgery is one of the
> > hardest problems. Unless remote sites somehow have decided to remember
> > that all articles from rbabel@babylon.pfm-mainz.de MUST be signed, and
> > reject any that are not signed by you, forgeries are possible.
>
> I'm sorry. You are attempting to solve a primarily _social_ problem with a
> primarily _technical_ solution. To prevent your pet fear of someone,
> somewhere, sometime writing an unsigned message with your 'name' - you
> will completely sacrifice everyone _else_'s right to privacy.
Since I am chairman of a foundation that pushes privacy rights, and have
extensively pushed for privacy rights in this group many times, I am a
little bit bothered that you would accuse me, of all people, of this.
Requiring a signature to prevent forgery need have no impact on privacy of
posters, as I have indicated. That is up to the policy of a group and
what sort of signatures it wishes to accept. Many would decide to
accept anonymous and certainly pseudonymous signatures; certainly nothing
prevents this.
> And the worst part of it is that it won't even do what you want because
> <noonespecial@someremailer.com> can _still_ post messages signed "Brad
> Templeton" with complete PK veracity for his address. And you *still*
> couldn't cancel him since _you_ don't own 'noonespecial@someremailer.com'.
He can say "Brad Templeton" because there are other Brad Templetons in
the world and he might be one. But he can't post using an e-mail
address that would get back to me, if use of non .invalid email addresses
must be certified, other than by creating an alias for me, which of
course somebody can always do (but not usually anonymously.) Are there
anonymous remailers that let you redirect their return traffic randomly at
somebody else?