From: Benjamin Franz (snowhare@nihongo.org)
Date: Mon Oct 15 2001 - 15:29:04 CDT
On Mon, 15 Oct 2001, Brad Templeton wrote:
> On Mon, Oct 15, 2001 at 10:32:38AM -0700, Benjamin Franz wrote:
> > I'm sorry. You are attempting to solve a primarily _social_ problem with a
> > primarily _technical_ solution. To prevent your pet fear of someone,
> > somewhere, sometime writing an unsigned message with your 'name' - you
> > will completely sacrifice everyone _else_'s right to privacy.
>
> Since I am chairman of a foundation that pushes privacy rights, and have
> extensively pushed for privacy rights in this group many times, I am a
> little bit bothered that you would accuse me, of all people, of this.
Then you had better step back and examine your desire for certified
authentication in the larger context. Because it _fundamentally_ requires
heavily impacting privacy for it to work as you want. If it is not nearly
universally used - it doesn't work to prevent forgeries of email addresses
in any significant way. If it _is_ universally used, everyone surrenders
their privacy as a prerequisite for participation in Usenet.
> Requiring a signature to prevent forgery need have no impact on privacy of
> posters, as I have indicated. That is up to the policy of a group and
> what sort of signatures it wishes to accept. Many would decide to
> accept anonymous and certainly pseudonymous signatures; certainly nothing
> prevents this.
Except that every time we push you hard on this that a PK/Cert system
simply _cannot_ prevent people from posting with your email address, you
retreat to 'everyone needs to do it'. This schizophrenic position (that it
both requires near universal deployment to function and that it is
'optional' by the group) is one of the reasons your push for it tends to
get other people riled. Either you force everyone to surrender their
privacy, or you can't stop people from posting to
alt.sex.your-favorite-fetish in your name, with your return address.
> > And the worst part of it is that it won't even do what you want because
> > <noonespecial@someremailer.com> can _still_ post messages signed "Brad
> > Templeton" with complete PK veracity for his address. And you *still*
> > couldn't cancel him since _you_ don't own 'noonespecial@someremailer.com'.
>
> He can say "Brad Templeton" because there are other Brad Templetons in
> the world and he might be one. But he can't post using an e-mail
> address that would get back to me, if use of non .invalid email addresses
> must be certified, other than by creating an alias for me, which of
> course somebody can always do (but not usually anonymously.) Are there
> anonymous remailers that let you redirect their return traffic randomly at
> somebody else?
Sure. They're called the US postal and telephone systems. It took me, oh,
a good 20 seconds to obtain your real world street address and phone
number given nothing but your name and domain. I post <insert any
guaranteed to piss off a lot of people immensely statement> to a billion
news groups with your name, phone and address attached. The 0.1% of idiots
who can't be bothered to figure out I mean for them to harass you by proxy
do the rest. Hell - I can even make it easy by putting your address in
the body with a 'mailto:' link (which neatly evades any PK requirements).
If I'm _really_ nasty, I make it viral with some social engineering hook
like claiming you are taking calls and letters on the topic and want the
message to be passed to as many people as possible.
-- Benjamin Franz

"Code as if whoever maintains your code is a violent psychopath who knows where you live." -- Nancy Lebovitz, the button lady