From owner-freebsd-security Mon Dec 16 02:44:43 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id CAA17929 for security-outgoing; Mon, 16 Dec 1996 02:44:43 -0800 (PST) Received: from silver.sms.fi (root@silver.sms.fi [194.111.122.17]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id CAA17916 for ; Mon, 16 Dec 1996 02:44:39 -0800 (PST) Received: (from pete@localhost) by silver.sms.fi (8.7.6/8.7.3) id MAA03828; Mon, 16 Dec 1996 12:44:20 +0200 (EET) Date: Mon, 16 Dec 1996 12:44:20 +0200 (EET) Message-Id: <199612161044.MAA03828@silver.sms.fi> From: Petri Helenius To: Doug Kwan ~{9XUq5B~} Cc: security@freebsd.org Subject: Re: mail bomb! In-Reply-To: References: <199612160617.IAA03360@silver.sms.fi> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Doug Kwan ~{9XUq5B~} writes: > Hello Pete, > > On Mon, 16 Dec 1996, Petri Helenius wrote: > > > Have you ever considered using PGP signatures to verify the > > authtenticity of your postings. If the neccessity of verifying the > > signature would be informed at signup time, it would be the 'user's > > fault' if he/she would believe the message without verifying it. > > Most ISP's have customers who are not computer gurus. Asking them > to use PGP to verify all our messages would not be a good idea. Anyway > we would take your advice to digitally sign all our messages. > My message could have been misunderstood that the misunderstanding should be blamed on the customers. However this was not my intention. The idea was to give proper ammunition to the customers that do care and know how to do the trick. Maybe as a side-effect more of the world would grow authtenticity-aware. Today, too many people believe what they read is authtentic without actually giving any thought to the possibility of a forgery. Pete