On 2/1/12 4:29 PM, Christopher J. Walters wrote: > However, I disagree with your statement that there is no way to > check: one can check the headers of each message to see from where > they originated.
Easily forged, and machines are too easy to compromise. This idea that an IP address is clear and convincing evidence of origin is absolute bonkers. An IP address is evidence of *routing*. > Before you mention it, I know that headers can be spoofed, however, > I very much doubt that a troll or spammer would go to the trouble > of creating a key-pair in my name to sign messages, as well as the > trouble to spoof the headers. I personally know fourteen-year-olds who would do this just for the pleasure of screwing with you. Consider Anonymous, whose stated raison d'etre is to do it all for the lulz and because none of them is as cruel as all of them. Anonymous gets in the news when it goes after big targets, but you think a bunch of technically competent high school students wouldn't direct this against a particularly hated teacher, or the designated class pariah, or...? Maybe I have a darker view of human nature than you do, that's certainly possible, but I think it's a critical mistake to apply rational-actor theory to criminals. (It's just as critical of a mistake to apply rational-actor theory to human beings. Human beings ain't rational actors.) > P.S. I could show a proof of concept very easily, to support my > premise that the headers can be used to check which one is valid. > However, it is a good deal of work for me, and it is really up to > you to refute my argument. The only way this argument can be refuted is for me to commit a felony (breaking the Computer Fraud and Abuse Act). I'll happily give a general outline of how it can be done, but I'm not going to commit a felony just to prove a point. That way lies madness. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users