From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 13 Jun 1997 14:39:42 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Photo ID is not needed for key signings....
In-Reply-To: <v0300786dafc68637a08c@[207.94.249.152]>
Message-ID: <199706130540.AAA06908@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <v0300786dafc68637a08c@[207.94.249.152]>, on 06/12/97 
   at 10:14 PM, Bill Frantz <frantz@netcom.com> said:

>At 6:47 PM -0700 6/12/97, Tim May wrote:
>>At 8:31 AM -0700 6/12/97, Bill Frantz wrote:
>>>IMHO - What you are really signing is the binding between the data
>>>associated with the key (usually an email address) and the key.  You are
>>>saying that the secret key holder is (one of the) person(s) who has access
>>>to that account, and not some man in the middle in the middle.  If you ask
>>>to see Lucky Green's, or Futplex's, or Black Unicorn's picture ID, you will
>>>either see a forgery or an ID issued by an organization not interested in
>>>birth certificates.
>>
>>My binding was between the key, and "me." Those who wanted to send messages
>>to "me" could assume that only "I" could read it. The address
>>"tcmay@netcom.com" vs. "tcmay@got.net" is not central. Any concern that
>>"tcmay@got.net" is somehow not the keyholder of that '92 key is a nonissue.

>My answer was a pure SPKI answer.  As a first approximation, in SPKI your
>identity is your key.  Meatspace doesn't enter into it at all.  This
>avoids the naming problem of meatspace (i.e. Which John Smith).

>Much of the problem with PGP key signing is there is no complete
>agreement on what it means.  I chose to have it mean that there
>verification of the binding between the data associated with the key and
>the key.

>If you have a version of the key with no signatures, then you can change
>the data field and re-sign with the associated secret key.  Since the
>data field has changed, you properly need to have others re-verify the
>validity of the binding.

I don't think that any changes that he would make to his key would need
re-verification provided that he signed those changes. Take the following
scenario:

John Doe creates a key and signs it:

pub 2048/FFFFFFFF 01/01/90 John Doe
sig                        John Doe (0xFFFFFFFF)

Now 3 other people verify that the key does belong to John Doe and sign
the key:

pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
sig                        John Doe   (0xFFFFFFFF)
sig                        Mary Jane  (0xAAAAAAAA)
sig                        Tom Thumb  (0x11111111)
sig                        Tiny Tim   (0xCCCCCCCC) 

Now John adds an aka to his key and signs it.

pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
sig                        John Doe   (0xFFFFFFFF)
sig                        Mary Jane  (0xAAAAAAAA)
sig                        Tom Thumb  (0x11111111)
sig                        Tiny Tim   (0xCCCCCCCC) 
aka                        John Doe john.doe@who-is-it.com
sig                        John Doe   (0xFFFFFFFF)

Since John Doe is the only one who could sign the key with the new aka one
can assume that the aka is as valid as the original userid.

 
- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBM6Debo9Co1n+aLhhAQEOHwP/X5d2qrBCLP/z/zFkf1XDcPJ/ztkwNQ2W
qbFUo+S/ZY9vPCXezs6dCZZfSW3WrRnpmOXQjrSK9qcps6Eafhqs4G96v3bCCzVL
/wjFV+SZigTMyGqBMv9yscYM8o2KnZSvv2ajsIJLbxgoeLAnNvWXIrB2ls21ydSe
k/rXTVnwK/E=
=wXYL
-----END PGP SIGNATURE-----