1993-11-15 - Re: Key Servers

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
Message Hash: 358cdcbbd7cff956fd324c7d9f8fad7ad8a4014af96192c0971fb387e2b2c394
Message ID: <9311150457.AA15079@oliver.MIT.EDU>
Reply To: <9311150432.AA21999@longs.lance.colostate.edu>
UTC Datetime: 1993-11-15 05:00:17 UTC
Raw Date: Sun, 14 Nov 93 21:00:17 PST

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Sun, 14 Nov 93 21:00:17 PST
To: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Subject: Re: Key Servers
In-Reply-To: <9311150432.AA21999@longs.lance.colostate.edu>
Message-ID: <9311150457.AA15079@oliver.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> <sigh> nobody is interested in preventing pseudospoofing here. the
> people who have most maneuvered themselves into a position to aid
> future cyberspace are instead constraining it. that's the point, isn't
> it? gosh, how could I have been so blind...

I think its because we don't see pseudospoofing as a "danger" like you
do.  Personally, I consider it a necessity.  I like being able to hide
behind an anonymous identity (not that I do, mind you).  I don't see
pseudospoofing as "constraining".  On the contrary, I see it as
freeing us.

As an example, look at Ender's Game, where Ender's brother and sister
get on the net under pseudonyms, and get treated just like everyone
else.  There is no biases.  People are judged on their actions and
words, not by who they are, how old they are, what they look like, or
anything like that.  Maybe you are blind, I don't know.  I've never
met you.

> so, Mr. Keyserver, considering that this (your?) software could be used
> TODAY to help build up a true identity system, why do you oppose using
> it in that fashion? I mean, besides that you are a Cypherpunk.

No the software isn't mine, but I consider myself it's God Father.
Mike Graff (explorer@iastate.edu) and I were talking about this a long
time, and he just beat me to learning enough PERL to write the thing.
But I'd like to think that the two of us did most all of the design of
it.  So, in a way, it is my software.

And, as I said, it is not the job of the Keyserver to provide any sort
of policy.  The job of the Keyserver is to distribute keys.  Nothing
more.  Nothing less.  The job of identifying True Names is solely a
job for Digital Signatures, not a job for the Keyserver.  

I oppose using it in a bogus fashion because the software is not
designed for such a use, there is absolutely no protection for it (any
key can be added), because I, and all the other Keyserver admins,
believe that all the keyservers should be interconnected, and because
I feel the job for determining a True Name on a key is a job for
Digital Signatures, not for the Keyserver.  

I am a cypherpunk.  I don't believe in trusting something on faith
alone, but you seem to be asking for that.  There is no way to protect
such a reckless use of the Keyserver.  The only way to provide a
secure way for True Names is to Cryptographically identify them.

So, Mr. Detweiler, why do you oppose using Digital Signatures to
verify True Names?  I mean, besides that you consider yourself a
Cypherpunk? ;-)

-derek





Thread