From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Fri, 16 Jul 93 20:13:15 PDT
To: norm@netcom.com (Norman Hardy)
Subject: Re: Names and Reputations
In-Reply-To: <9307162337.AA28881@netcom3.netcom.com>
Message-ID: <9307170311.AA15511@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


According to Norman Hardy:
> J. Michael Diehl wrote:
>     I'm having a philosophical problem regarding when to sign someone
>     else's public key.
>  
> It strikes me that while a public key may be properly associated with
> someone that you know by sight it may more generally be associated
> with an abstract reputation. Connecting a face to a public key may
> be less useful than connecting a public key with someone that
> I recognize by reputation. I don't know Stephen Wolff by sight
> but I do know him by reputation and have conversed with
> him by e-mail. If during these conversations we had exchanged
> public keys, even thru insecure channels, then that would be
> more reliable than exchanging keys with someone that I met
> in person who claimed to be Steve Wolff but with whom I did not
> have time to converse. Steve's reputation with me arose thru a book
> he wrote. If he had included his private key there it would be
> better yet. (Public keys had not been invented then.)
> Having been influenced by Steve's book I would be inclined to
> accept Steve's opinions in related areas, if they were signed
> by his private key. I need not know what Steve looks like!

This is a good point, but I believe that eventually, people will want to sign
legal documents via pgp and such.  So being able to tie a pseudonym to a 
reputation to a public key to a REAL LIVE PERSON is very important.  I think 
that for many people, your attitude is one they can live with.  This is what I
was debating when I posted the original question.  But for others, your policy
may not be secure enough.  I'm working on a key-signing policy for myself which
I will make available via finger or request.  Laters.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu |   But, I was mistaken.      |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone?  If you don't know, ask me---+