PGP: sequencing messages

John Drabik pmmail@rpglink.com
Mon, 10 Apr 2000 17:32:51 +0000


On Fri, 07 Apr 2000 08:23:10 -0300 (ADT), Trevor Smith wrote:

>Actually John, I still think PGP signatures will solve the issue

I don't see how.  The issue involves both electronic and paper e-mail
returns, and it would only be necessary to miss one space or tab
character, and the whole thing is off.  Second, it doesn't allow
rapid lookup - you have to get the message, strip comments or >
markers, and then recompute the PGP signature, *without* sending the
message, and then compare the results to some archive.  The last
point is that it is impossible to "individualize" a message when sent
as a group (i.e., send the same message to several people), because
there is no individual ID anywhere in the message.

>Each message signed with PGP will have a unique identifier (the PGP
>signature) which should be just as possible to "look up" as any
>Message-ID header would be.

I'd argue that point.  How is one to get a message back, do a
foolproof strip, and regenerate the PGP signature easily?  And if the
message is sent to several people at once, the entire method fails. 
You can only tell that *one* of them, but you don't know which one,
forwarded the message improperly.

John