From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
To: cypherpunks list <cypherpunks@toad.com>
Message Hash: 02da57e7f4f86bfe55753eae5c13b0b4f4d01ebbc123dc5958d7aacc020553a6
Message ID: <9310242209.AA08710@toad.com>
Reply To: <9310242036.AA05082@anon.penet.fi>
UTC Datetime: 1993-10-24 22:13:26 UTC
Raw Date: Sun, 24 Oct 93 15:13:26 PDT
Subject: Re: ADMIN: proposed new policy on the mailing list

> Here's one: How do you verify a signature for an anonymous,
> first time poster?

You don't try -- what would it mean? You accept the provided public
key, and use it to check the continuity of the pseudonym.

> How do we prevent people from registering a key in
> someone else's name??? It's beyond me.

The list, to check signatures, has to have a trusted key from
each nym. But there are different sorts of trust. One might
certify that a given key belongs to a known real-world meat
machine. Or one might certify only that it corresponds to the
legitimate user of a given net address. In theory, one could
even certify that the key holder was not forced to hand a copy
over to the NSA, or make whatever other guarantees one chooses.
I think the trusting of keys should be left to individuals, who
may have different ideas of what it means for them to accept
a given signature.

In PGP's "web of trust" model, is there a general consensus on what
it means to sign someone's key?

> Wonderer

Eli ebrandt@jarthur.claremont.edu
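
Added example, not part of the original message or of any list software: a sketch of the "continuity of the pseudonym" check described above, where a list pins the key supplied with a nym's first post and compares later posts against it. The `NymRegistry` class, the nym name and the keys are constructed for illustration, and the textbook-RSA signing is a toy stand-in for PGP so the block runs with only the standard library.

```python
import hashlib

# Toy textbook RSA (no padding, small constructed keys). NOT secure; it only
# stands in for a real signature scheme such as PGP's.
E = 65537

def make_key(p, q):
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == digest(msg, n)

class NymRegistry:
    """Hypothetical list-side store: nym -> public key seen on first post."""
    def __init__(self):
        self.pinned = {}

    def receive(self, nym, pub_n, msg, sig):
        # The post must verify under the key it supplies (proof of possession).
        if not verify(pub_n, msg, sig):
            return "bad-signature"
        # First post: there is nothing to check against, so accept and pin.
        # This asserts nothing about who the poster is in the real world.
        if nym not in self.pinned:
            self.pinned[nym] = pub_n
            return "new-nym"
        # Later posts: the only claim checked is "same key holder as before".
        return "continuous" if self.pinned[nym] == pub_n else "key-mismatch"

def demo():
    owner = make_key(2**127 - 1, 2**89 - 1)   # constructed key for the nym
    other = make_key(2**107 - 1, 2**61 - 1)   # constructed key, second party
    reg, nym = NymRegistry(), "nym-a"
    return [
        reg.receive(nym, owner["n"], b"first post", sign(owner, b"first post")),
        reg.receive(nym, owner["n"], b"second post", sign(owner, b"second post")),
        # Second party posts under the same nym with its own key.
        reg.receive(nym, other["n"], b"third post", sign(other, b"third post")),
        # Second party claims the pinned key but cannot sign with it.
        reg.receive(nym, owner["n"], b"fourth post", sign(other, b"fourth post")),
    ]

if __name__ == "__main__":
    print(demo())
```

Whoever posts first under a nym fixes its key, so the check protects an established pseudonym and says nothing about real-world identity; that further certification is the part the message leaves to individuals.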