From: norm@netcom.com (Norman Hardy)
Date: Fri, 16 Jul 93 16:36:56 PDT
To: cypherpunks@toad.com
Subject: Names and Reputations
Message-ID: <9307162337.AA28881@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


J. Michael Diehl wrote:
 
    I'm having a philosophical problem regarding when to sign someone
    else's public key.
 
It strikes me that while a public key may be properly associated with
someone that you know by sight it may more generally be associated
with an abstract reputation. Connecting a face to a public key may
be less useful than connecting a public key with someone that
I recognize by reputation. I don't know Stephen Wolff by sight
but I do know him by reputation and have conversed with
him by e-mail. If during these conversations we had exchanged
public keys, even thru insecure channels, then that would be
more reliable than exchanging keys with someone that I met
in person who claimed to be Steve Wolff but with whom I did not
have time to converse. Steve's reputation with me arose thru a book
he wrote. If he had included his private key there it would be
better yet. (Public keys had not been invented then.)
Having been influenced by Steve's book I would be inclined to
accept Steve's opinions in related areas, if they were signed
by his private key. I need not know what Steve looks like!
 
In CyberSpace it ultimately seems that the public key supplants
ordinary names and all reputations are connected to public keys!