[hashcash] Re: Opportunistic signatures - a proposed design
- From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Sun, 29 Aug 2004 14:14:58 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
i already let signed email bypass any filtering, if i have the public key
in my keyring.

i'm currently working on a formal standard for including OpenPGP key
information in an email header. when that happens, an MUA can offer the
user an option to accept the key, and accept any message signed with that
key. it really shouldn't be *that* difficult to build the UI smarts into
an app, if the key management is handled intelligently.

in the meantime, only geeks will allow signed messages to bypass further
checks. i think that signatures and hashcash serve different purposes, and
to that extent the technologies are complementary... if i have your key in
my keyring you can sign a message and it won't be subject to filtering...
but if i don't know you, then hashcash will do the same thing. also, i may
not want to sign an email with my key (maybe i'll want to deny later that
i authored it)... in that case, hashcash is more valuable.

anyway, OpenPGP is a perfectly viable protocol for signing email... no
need to reinvent that wheel. of course, if people are signing on
auto-pilot (no password protected keys) then keys should be small...
they'll be stolen by viruses, not password protected and there should be
several avenues of plausible deniability... the purpose is to "prove" to a
filter, not to a court, who authored an email. of course, if one is
handling outbound email for a large bank and they want to discourage
phishing, then a large key is a good idea (with certain obvious and
non-obvious precautions).

...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"I haven't failed, I just found 100,000 ways that don't work."
-- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
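
The filter policy described in the message above (a signature from a key already in the keyring bypasses filtering, otherwise a hashcash stamp does), as an added example that is not part of the original post. It assumes an OpenPGP verifier has already run and supplied `signer_fpr` (`None` when there is no good signature); the function names, the 28-day expiry and the 2-day clock-skew window are choices made for this example, and `mint` exists only to construct sample stamps.

```python
import hashlib
from datetime import datetime, timedelta, timezone

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource, bits, date, rand="constructedRand"):
    """Sample-data helper: brute-force a counter for a version 1 stamp."""
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1

def stamp_ok(stamp, recipient, min_bits, now, spent):
    """Check one version 1 stamp: ver:bits:date:resource:ext:rand:counter."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1":
        return False
    try:
        claimed = int(parts[1])
        issued = datetime.strptime(parts[2][:6], "%y%m%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return False
    if claimed < min_bits or parts[3] != recipient:
        return False  # too cheap, or minted for someone else
    # Assumed policy: accept up to 2 days of clock skew, expire after 28 days.
    if not timedelta(days=-2) <= now - issued <= timedelta(days=28):
        return False
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < claimed:
        return False  # the claimed work was not actually done
    if stamp in spent:
        return False  # replayed stamp
    spent.add(stamp)
    return True

def filter_decision(signer_fpr, keyring, stamps, recipient, now, spent, min_bits=20):
    # signer_fpr: fingerprint from an already-verified OpenPGP signature, else None
    if signer_fpr is not None and signer_fpr in keyring:
        return "bypass:signature"
    if any(stamp_ok(s, recipient, min_bits, now, spent) for s in stamps):
        return "bypass:hashcash"
    return "filter"

if __name__ == "__main__":
    now = datetime(2004, 8, 29, 18, 0, tzinfo=timezone.utc)
    stamp = mint("bob@example.org", 12, "040829")  # constructed sample
    print(filter_decision(None, set(), [stamp], "bob@example.org", now, set(), 12))
```

The stamp is bound to the recipient address and recorded in `spent`, so a stamp minted for one mailbox cannot be reused for another or replayed to the same one.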