[plug] Was bun fight about "bad" words.

bob bob at contact.omen.com.au
Mon Apr 1 20:34:00 WST 2002


On Mon, 2002-04-01 at 19:22, Mark Dixon wrote:
> I have no interest in arguments about which words are "bad" words and which ones are "good" words
> (which seems to be how this particular thread started).
> 
> However, Paul posited: "The point about the Net, as most of us know quite well, is that there is no
> proof of provenance for email anyway."
> 
> There may not be "proof of provenance for email", but it is possible to provide fairly convincing
> evidence.  For example:  I am Mark Dixon.  The digital signature attached to this e-mail attests to
> that and links my name to my e-mail.  The certificate has been notarised by four people in a "web of
> trust" who met me in person and validated my personal identity documents to give that notarisation
> convincing validity.
> 
> Cheers, Mark Dixon.
> 
> 

Oh dear, my email app says...

This message is digitally signed but can not be proven to be authentic.

Your web of trust has let you down because I don't know you or any of
your notaries. 

Besides, even if I had personally authenticated your digital signature, 
being from you, how am I to tell that you had not be coerced or fooled
into signing the document.

Bruce Schneier of Counterpane Internet Security, Inc. has an interesting
piece on "Why Digital Signatures Are Not Signatures" at
http://www.counterpane.com/crypto-gram-0011.html

Basically it says you can authenticate all you like that the "digital
signature" is supposed to belong to you. Nothing about it says you were
the one to apply it to the message.

So we're back to char stings meaning nothing as identity, only
consistent behaviour over a period of time. How have "they" behaved to
you or others in your dealings with "them". Are they trollish, do they
flame excessively etc etc. I'm sure you get the idea :).

HTH.

-- 
bob
fingerprint = BBC8 A0BD 10DF CBF6 08C9  86AE 4672 2095 D705 90E9




More information about the plug mailing list