Xref: utzoo alt.flame:1630 soc.women:9361 soc.singles:13603
Path: utzoo!utgpu!water!watmath!clyde!mcdchg!mcdsun!noao!hao!gatech!hubcap!ncrcae!ncr-sd!hp-sdd!hplabs!hplabsz!davis
From: davis@hplabsz.HPL.HP.COM (Jim Davis)
Newsgroups: alt.flame,soc.women,soc.singles
Subject: Re: the solution to the forgery problem
Summary: Using crypt or equivalent can help stop forgeries
Keywords: cryptography, signature authentication, forgery prevention
Message-ID: <1552@hplabsz.HPL.HP.COM>
Date: 11 Feb 88 02:12:03 GMT
References: <14316@oddjob.UChicago.EDU>
Reply-To: davis@hplabsz.UUCP (Jim Davis)
Organization: Ivory Tower
Lines: 67

pooh@oddjob.UChicago.EDU writes:
pooh> Anyone who feels they are currently victims of a campaign
pooh> to forge their articles can easily solve the problem.
pooh> Announce publicly that you are now withdrawing from posting
pooh> to the net for a specified period (three months or so), and
pooh> that in this period of time, any and ALL postings from "you"
pooh> should be ignored as a forgery.
pooh> Whoever is forging these articles will no longer have any
pooh> fun, since they will not confuse anyone, and will eventually
pooh> stop. Your own name will be cleared. After the furor dies
pooh> down and the forgers go on to bigger and better things, you
pooh> can return with some hope of being believed.

This may be exactly what the forgers want. There are measures that
would allow forgery victims to continue posting, without allowing
easy forgery.

The protocol I have selected to describe was chosen for its ease of
use, and not for perfection. It does require that the user monitor
what they are said to have posted, and deny the postings that are
forged. Lacking widely available public key encryption programs,
there is no simple, easy solution. This protocol assumes that forgery
attempts are rare, and has a significant cost if a forgery does occur.

If you are or feel that you might become a victim of forgery attempts
then follow this procedure.

Posting Mechanism

1) Select a password solely for netnews posting, one that will
   not reveal anything about yourself.
2) Announce to the net that you will be signing important messages
   during the interval from to . Using the protocol below, sign
   this message. Announce your encryption method (e.g. crypt|vis ).
3) Sign all messages desired to be accepted as non-forgeries.
4) If a forgery does occur, do the following:
   a) Announce the forgery;
   b) Announce a new password has been chosen;
   c) Sign this message with the new and old passwords.
   A few days later, send a single message:
   d) Reveal the old password;
   e) Announce a new password;
   f) Sign this message with the new password.
5) At the expiration of the password's interval, announce that a
   new password has been chosen for a new interval, and sign this
   password with both the old and new signatures.

Signing Mechanism

1) Append or embed a piece of text encrypted using the current
   password. The text should describe the circumstances of the
   message, for example:

   "This 42 line message with subject "Killing Rabbits is Bad"
   was posted late February 10th, 1988"

------- Signature -- Method is Elm Automatic Encryption-----------
[encode]
Iw;X2K[HE*KLRD;cxZ.D8uFCuUuiEDcAB7Q{'*.*%c.W;GIE$G(@9Ok
1XzchpYi9aJlV"c{XT'XLk7$nNBrxy_3JUrBA7fMs[LI,BY9z5QrBOI}3
CNVPspKSQp\-[Q?kXrYTswf`SF&]!h5TzNqYry7<8v10
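
The signing, reveal and password-change steps described above, as an added example that is not part of the original post: it swaps crypt for a PBKDF2-derived HMAC-SHA256 tag over the descriptive text, and shows that readers can only check archived signatures once the old password is revealed (step 4d). The salt, passwords, message ids and helper names are assumptions made for the illustration.

```python
import hashlib
import hmac

SALT = b"netnews-signing"  # assumption: fixed public salt, announced with the method

def descriptor(subject, body, posted):
    """Text describing the message's circumstances, in the form the post suggests."""
    return (f'This {len(body.splitlines())} line message with subject '
            f'"{subject}" was posted {posted}')

def sign(password, text):
    """Keyed tag over text; stands in for encrypting it with crypt."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def verify(revealed_password, text, signature):
    """Only possible once the password has been revealed (step 4d)."""
    return hmac.compare_digest(sign(revealed_password, text), signature)

def rollover(old_password, new_password, announcement):
    """Steps 4c and 5: the change announcement carries both signatures."""
    return {"old": sign(old_password, announcement),
            "new": sign(new_password, announcement)}

def audit(archive, revealed_password):
    """Classify archived posts against the revealed old password."""
    return {post["id"]: verify(revealed_password,
                               descriptor(post["subject"], post["body"], post["posted"]),
                               post["signature"])
            for post in archive}

# Constructed sample data: passwords, posts and ids are invented for the example.
OLD, NEW = "walrus-teapot-1988", "heron-lantern-1988"
genuine = {"id": "<constructed-1>", "subject": "Killing Rabbits is Bad",
           "body": "line one\nline two\nline three", "posted": "late February 10th, 1988"}
genuine["signature"] = sign(OLD, descriptor(genuine["subject"], genuine["body"], genuine["posted"]))
forged = {"id": "<constructed-2>", "subject": "Killing Rabbits is Good",
          "body": "forged text", "posted": "late February 11th, 1988",
          "signature": sign("forger-guess", "anything")}
ARCHIVE = [genuine, forged]
ANNOUNCEMENT = "A forgery has occurred; a new password has been chosen."
ROLLOVER = rollover(OLD, NEW, ANNOUNCEMENT)

if __name__ == "__main__":
    print(audit(ARCHIVE, OLD))  # run after the old password is revealed
    print(verify(OLD, ANNOUNCEMENT, ROLLOVER["old"]))
```

Once the old password is public anyone can produce tags under it, so it vouches only for posts that were already archived before the reveal.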