1995-08-22 - Re: True Names and Webs of Trust

Header Data

From: “Patrick J. LoPresti” <patl@skyclad.lcs.mit.edu>
To: tcmay@got.net (Timothy C. May)
Message Hash: 9fb703814f1d37378beaedc7bbe249177a3eddef280722952e9f69d2ec2968bb
Message ID: <199508221446.KAA00931@skyclad.lcs.mit.edu>
Reply To: <ac5ebdaa140210041c80@[205.199.118.202]>
UTC Datetime: 1995-08-22 14:47:03 UTC
Raw Date: Tue, 22 Aug 95 07:47:03 PDT

Raw message

From: "Patrick J. LoPresti" <patl@skyclad.lcs.mit.edu>
Date: Tue, 22 Aug 95 07:47:03 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: True Names and Webs of Trust
In-Reply-To: <ac5ebdaa140210041c80@[205.199.118.202]>
Message-ID: <199508221446.KAA00931@skyclad.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 tcmay> As Bill Stewart correctly claimed is my view, the "key is the
 tcmay> identity."  Or, more accurately, a _persistent personna_ is
 tcmay> what matters.

These discussions are missing the entire point of the Web of Trust.

Key signatures exist for one reason and one reason only: To thwart
man-in-the-middle attacks.  Whether your "persistent persona" is a
True Name (tm) or a pseudonym is irrelevant.

Suppose a sysadmin on your site installed a filter on your mail and
news that translated everything between your real public key and one
of her choosing.  Such a transformation could be done automatically
quite easily.  How long before you would notice?  Depending on how
careful you are, it could take quite a while.

Key signatures avoid this attack.  What a key signature *means* is
that the signer is personally vouching that no such attack has taken
place.  Each signer has his own level of paranoia, and you need some
knowledge of that paranoia level to evaluate the worth of a signature.

Requiring a True Name backed by state-appoved photo ID is a pretty
high level of paranoia.  (It would take a lot of effort to monitor
this exchange, edit it to arrange a meeting between us, show up with
photo ID for "Tim May", and continue editing every time one of us
mentioned our personal meeting...)

Pseudonyms *do* pose a problem here.  The problem is not whether
someone tries to use a name that "really" belongs to someone else.
Who cares?  The problem is making sure that your conversation with the
entity at the other end of the wire is secure.

This is what the Web of Trust provides.  If I take the time to have a
long conversation with a pseudonym (so that I "get to know him"), then
I arrange a personal or telephone meeting, and the person I talk to is
totally consistent with the person I know electronically, then I can
feel safe signing his key.  ("The entity calling itself 'Patrick J.
LoPresti' asserts that the entity it knows as 'John Doe' uses this
public key.") Of course, I need to know him pretty well before I can
do this, lest the man-in-the-middle deceive us.  The beauty of the Web
of Trust is that once I have done this, everyone else who trusts me
can use the pseudo's key with confidence and without going through the
same trouble.

Zimmermann clearly understood all of this, but I don't think he
documented it properly.  In my opinion, everyone should always think
in terms of man-in-the-middle attacks when signing a public key.
Mandating "True Names" is just an overconservative approach suitable
for people who don't fully understand the issue.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDntwHr7ES8bepftAQFyyAQAnFtDh4UxHOtFoykCFVyK4s0CXqXhku+k
T8n/881R0F1lL+qKMlkxCd0qRmYXueeYGCO6oXAMWgVjVBQ4PluAdw7Ad4b9GxDA
FzkuN5oasKbyKyyCRguRq7DszKWW0nyjGbsToq0udtX0fsY33ZtU3btbsjawBFgI
Kk7TEeHBT+8=
=pndj
-----END PGP SIGNATURE-----





Thread