CZ Talk:Moderator Group/Policy decisions: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>D. Matt Innis
(→‎Email forgery protections: reply to Howard.)
imported>D. Matt Innis
(break down into sections compatible with page)
Line 1: Line 1:
=Email discussions section=
==Email forgery protections==
==Email forgery protections==
Apologies if I'm inappropriately posting; please delete or move.
Apologies if I'm inappropriately posting; please delete or move.

Revision as of 10:03, 31 October 2010

Email discussions section

Email forgery protections

Apologies if I'm inappropriately posting; please delete or move.

First, it is possible, although not necessarily easy, to make email highly resistant to forgery and other security attacks (e.g., replaying the same legitimate message to affect a poll). In general, these techniques are based on digital signatures.

Just as one example, one of the reasons that US medical practices have been reluctant to use email communications is the possibility of fraud. One workaround is to require patients to use the practice's own email client, accessed through their webpage, and with as strong authentication as possible. Invisible from the user is that it create a digital signature of the message.

A step more challenging is to accept mails from user email clients, which carry the appropriate digital signature. Signing plugins are available for most clients, although the free ones aren't necessarily easy to install.

So, it is possible to create a forgery-resistant email.

If it comes to it, there are also computer forensic methods that are less certain, but can strongly suggest the authenticity of email given a set containing multiple emails, possibly using other contemporaneous communications (e.g., Forum posts).

Dave MacQuigg and Sandy Harris are very knowledgable in these areas as well. Howard C. Berkowitz 15:01, 31 October 2010 (UTC)

Yes, you are allowed to post here.
For all practical purposes, this would only attempt to resolve the effects of "email forgery." It does not address the other issues of "private vs public discussions" and "informed consent". Even if we were to effectively eliminate the issue of potential forgery, we still would have issues related to reading private discussions. However, if everyone accepts that when using cz-resources their discussions are considered public, we can overcome those thresholds. Otherwise, every conversation that you have with anyone can be construed to being public and subject to professionalism guidelines. Then, you say, that we don't have to be as strict because it is not really public and to that I say we get to a point where there are diminishing returns for the constabulary to be wasting time reading and risking their real lives reading personal emails when they aren't going to do anything other than a slap on the wrist. The occasional stalker needs to be reported to the police, because we have no way of protecting anyone. D. Matt Innis 16:01, 31 October 2010 (UTC)