From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 30 Nov 93 19:57:52 PST
To: cypherpunks@toad.com
Subject: Signing Keys for Nyms and Digibank Users
Message-ID: <9312010354.AA17944@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


X-Note: This isn't a Detweiler-flame, it's a mostly technical discussion

A While Back, L. Detweiler asked:

> Suppose that a real person signed someone else's imaginary identity for
> a key in a key server, or for their own. Can someone explain to me why
> this is not dishonest?
> 
> I guess the argument will be, the signor is only guaranteeing that some
> key is associated with some email address.  But that seems to me to
> abuse the whole idea of trust in people.  Has anyone asked PRZ what he
> thinks of the practice of real people signing imaginary identities?

There's a couple of issues here, some of which we haven't beaten to death:
- what you're claiming to be the truth by signing the key
- can you be sure you're signing a key for the *real* imaginary identity,
	or whether you're signing a key for somebody *impersonating* 
	the imaginary entity?
- if the pseudonym is one of yours, are you giving away its identity
	(and hence usefulness or safety) by signing it?

The purpose of signing keys, in my opinion, is to verify that,
if you're using a given key to talk to a given person or entity,
does that key really belong to that entity, or is it a key the
KGB/NSA/Mafia/Wiretaps-R-Us substituted for the real key.
You're not necessarily claiming that the name on the key is the
person's Government-Approved True Name, though government ID
is one way you could help verify that the person you meet at a conference
claiming to be "Tim May" is the real "Tim May" you've been sending
email to all these years, and not some NSA guy or Eric Hughes in disguise.
The government already supports government-approved fictional people
with government-approved names - corporations.

The quality of the introduction you're providing to other people
may be affected by how well you verify that you're talking to the
person you think you are, and by how well you know them,
and ought to indicate this.  If you're giving away PGP at, say,
a trade show or conference or rave, you probably should
create a separate public key for doing those signatures, e.g.
	(1993 Anarchist's Gathering PGP Demo <wcs@foobar.com>)
so people know this isn't the usual high quality intro you normally provide.

Verifying that you're talking to the right person for a pseudonym is tough.
If you're having a conversation by email, it's really hard,
unless you and the nym share some private knowledge that the
Wiretaps-R-Us folks wouldn't have access to and that isn't on the
Usenet CD-ROM collection, which is unlikely unless you know the
pseudonym-user personally and are sure they've been using that name.

I know a couple of people who use the names "Hobbit" and "Wookie",
in real life as well as on the net (though that's probably not 
what their mothers call them :-), and I'd have no problems signing keys 
for them as long as the keys indicated *which* Hobbit and Wookie they are.
Similarly, I've got a number of relatives who've changed their names
(show biz, Anglicizing, personal weirdness, etc.), and I'd have
no problems signing keys for them under either their government-approved
names, birth names, work-use names, family-use names, or whatever.

On the other hand, I'd have real trouble signing keys for Wonderer,
Dark Unicorn, or strnlght@netcom.com because I haven't met them
personally, and only have the consistency of their email addresses
to verify who they are - and I haven't tried checking their
articles to know what to look for to check whether an email
request claiming to be from one of them looks unforged.
If I remember right, none of these people puts a PGP Key ID or fingerprint
in their posting signatures, so I don't have that clue available -
that would increase my confidence a lot.  But I still couldn't be sure.

I once got a phone call from someone claiming to be Bob Morris (Sr.),
about some computer security problems I was having, who pointed
out that I couldn't really verify it was *him* I was talking to.
(If I'd called him back, I'd at most know it was someone at his desk
or someone hacking the phone system.)  If I wanted to sign his key,
I'd create a special "Unix Hacker who claimed to be Bob Morris" key
to sign it with, if he told me the key words from that conversation,
and you could decide how much to trust that introduction.
~~~

There are a couple of of my own nyms I've signed keys for (using other nyms),
when I was demonstrating how the signature stuff worked
to somebody who uses an anonymous remailer (and had already
figured out that I was the person who used one of those nyms
due to the anon.penet.fi remailer behavior; I knew his address
because he'd included a signature in one of his anonymous postings.)

On the other hand, if I really cared about preserving the anonymity
of the nym-user, and it was somebody I knew in person, or myself,
I probably wouldn't sign it with my real key - it may be relatively obvious
that "Bill The Dragon-Basher" whose key was signed by "Bill Stewart" was me,
but I'd rather not have to deal with a court subpoena or Mafia equivalent
trying to find the users of the keys for "Crypto International, Ltd." or
"Coalition Against the U.S. Invasion of Cuba" or "Some Unapproved Religion" or
"Bear's Custom Chemicals" or an anonymous Panamanian bank account that's mine.

But if the keys are only signed by other nyms, how trustable are they?
If I ran a digibank, I'd be real hesitant about accepting changes of
address or public-key unless I had some physical verification or other
securely shared secret to avoid eavesdropper and interloper attacks,
but one of the goals of digital banking is that you're not supposed
to need physical transactions.  I suppose an initial account set up
by sending the bank a message with a Secret and a public key and a 
bunch of digibucks might do the job, with some cut&choose protocols
to decrypt the digibucks if the account is approved?

		Bill The Dragon-Basher
			(oops!  ^X^C:wq!/exit~.\b\b\b\b\b\b)
# Bill Stewart  Old address: wcs@anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ
# After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566
# Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart@pleasantonca.ncr.com