From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
Date: Sun, 24 Oct 93 15:13:26 PDT
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: ADMIN: proposed new policy on the mailing list
In-Reply-To: <9310242036.AA05082@anon.penet.fi>
Message-ID: <9310242209.AA08710@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Here's one: How do you verify a signature for an anonymous,
> first time poster?

You don't try -- what would it mean?  You accept the provided public
key, and use it to check the continuity of the pseudonym.

> How do we prevent people from registering a key in
> someone else's name??? It's beyond me.

The list, to check signatures, has to have a trusted key from
each nym.  But there are different sorts of trust.  One might
certify that a given key belongs to a known real-world meat
machine.  Or one might certify only that it corresponds to the
legitimate user of a given net address.  In theory, one could
even certify that the key holder was not forced to hand a copy
over the the NSA, or make whatever other guarantees one chooses.
I think the trusting of keys should be left to individuals, who
may have different ideas of what it means for them to accept
a given signature.

In PGP's "web of trust" model, is there a general consensus on what
it means to sign someone's key?

> Wonderer

   Eli   ebrandt@jarthur.claremont.edu