1994-10-05 - Re: Nom de guerre public key

Header Data

From: franl@centerline.com (Fran Litterio)
To: cypherpunks@toad.com
Message Hash: cccd7a009755dadcc33f2a8439de635fe898892fa2908bbe5c2591226a2d9d58
Message ID: <FRANL.94Oct5141756@draco.centerline.com>
Reply To: <FRANL.94Oct5093142@draco.centerline.com>
UTC Datetime: 1994-10-05 18:57:18 UTC
Raw Date: Wed, 5 Oct 94 11:57:18 PDT

Raw message

From: franl@centerline.com (Fran Litterio)
Date: Wed, 5 Oct 94 11:57:18 PDT
To: cypherpunks@toad.com
Subject: Re: Nom de guerre public key
In-Reply-To: <FRANL.94Oct5093142@draco.centerline.com>
Message-ID: <FRANL.94Oct5141756@draco.centerline.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

nelson@crynwr.com (Russell Nelson) writes:

>    From: franl@centerline.com (Fran Litterio)
> 
>    That's part of it, but the more important binding created by a
>    signature is the binding between the userid and the real person.
>    Without that binding, the binding between the key and the userid is
>    useless.
> 
> Nonsense.  You're assuming that the real person wishes to carry their
> reputation over onto their key/userid combination.  Perhaps they wish
> to establish a separate reputation for it?  And once they've
> established that reputation, they wish to change keys?  Might you not
> sign such a new key?

I would not sign a pseydonymous entity's key based soley on the
reputation of the entity.  How do I defend against a man-in-the-middle
attack -- how do I know I'm not signing the middle-man's key instead
of the entity's key?

With a real person, my defense is to use a tamperproof out-of-band
channel to verify the key fingerprint: a phone call (for a friend
whose voice I recognize) or a personal meeting with passports (for
someone I don't know very well).  How do I do that with a pseudonymous
entity?  I'd really like to know if it's possible to do.

I'm all in favor of pseudonymous entities building reputations, but I
think that the price of pseudonymity is the inability to be part of a
PGP-like Web of Trust.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLpLtrneXQmAScOodAQGvRwP+Jj8aR/Qmbd9EdPmCzBw6AGj0fvXhdgal
MXN0HYsqiFPcqZf2GeeE764DpZrCAa54RheXsFa9sjkfJSzN2MfqV4HOiI/X3TvP
qZjt0Bzc8FX5e88CPTE7ajISbPWhhHyGYcbf5IY6u/a55jmSiwSUTuEysFb37QIT
2SCgNSW6uNs=
=ejKn
-----END PGP SIGNATURE-----
--
Fran Litterio                   franl@centerline.com (617-498-3255)
CenterLine Software             http://draco.centerline.com:8080/~franl/
Cambridge, MA, USA 02138-1110   PGP public key id: 1270EA1D





Thread