From: Henry Spencer (henry@spsystems.net)
Date: Mon Oct 15 2001 - 17:15:17 CDT
On Mon, 15 Oct 2001, Benjamin Franz wrote:
> Then you had better step back and examine your desire for certified
> authentication in the larger context. Because it _fundamentally_ requires
> heavily impacting privacy for it to work as you want. If it is not nearly
> universally used - it doesn't work to prevent forgeries of email addresses
> in any significant way. If it _is_ universally used, everyone surrenders
> their privacy as a prerequisite for participation in Usenet.
Why?
You are making an unwarranted assumption: that the mapping between Usenet
author names (the ones that appear in a From header -- whether they are
the mail address or the accompanying comment or both is a detail) and
physical persons is one-to-one and public. While stupidly-designed (or
maliciously-designed) authentication systems may require this, there is no
logical necessity for it.
Verifying that article X really did come from henry@spsystems.net and
article Y really did come from henry@zoo.toronto.edu does not tell you
that they are two different persons (they aren't) or what the name on
either one's birth certificate is (it's not actually "Henry Spencer",
although in this case the difference is trivial -- a middle name which I
rarely use). Nor does it tell you whether henry@spsystems.net is a single
physical person, a consortium (consider postmaster@aol.com), or a robot.
The proper business of a Usenet authentication system is to verify that
all the postings from (say) henry@spsystems.net come from the same
possibly-not-a-single-human author. Nothing more.
Henry Spencer
henry@spsystems.net