From: franl@centerline.com (Fran Litterio)
To: cypherpunks@toad.com
Message Hash: cccd7a009755dadcc33f2a8439de635fe898892fa2908bbe5c2591226a2d9d58
Message ID: <FRANL.94Oct5141756@draco.centerline.com>
Reply To: <FRANL.94Oct5093142@draco.centerline.com>
UTC Datetime: 1994-10-05 18:57:18 UTC
Raw Date: Wed, 5 Oct 94 11:57:18 PDT
From: franl@centerline.com (Fran Litterio)
Date: Wed, 5 Oct 94 11:57:18 PDT
To: cypherpunks@toad.com
Subject: Re: Nom de guerre public key
In-Reply-To: <FRANL.94Oct5093142@draco.centerline.com>
Message-ID: <FRANL.94Oct5141756@draco.centerline.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
nelson@crynwr.com (Russell Nelson) writes:
> From: franl@centerline.com (Fran Litterio)
>
> That's part of it, but the more important binding created by a
> signature is the binding between the userid and the real person.
> Without that binding, the binding between the key and the userid is
> useless.
>
> Nonsense. You're assuming that the real person wishes to carry their
> reputation over onto their key/userid combination. Perhaps they wish
> to establish a separate reputation for it? And once they've
> established that reputation, they wish to change keys? Might you not
> sign such a new key?
I would not sign a pseydonymous entity's key based soley on the
reputation of the entity. How do I defend against a man-in-the-middle
attack -- how do I know I'm not signing the middle-man's key instead
of the entity's key?
With a real person, my defense is to use a tamperproof out-of-band
channel to verify the key fingerprint: a phone call (for a friend
whose voice I recognize) or a personal meeting with passports (for
someone I don't know very well). How do I do that with a pseudonymous
entity? I'd really like to know if it's possible to do.
I'm all in favor of pseudonymous entities building reputations, but I
think that the price of pseudonymity is the inability to be part of a
PGP-like Web of Trust.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
iQCVAwUBLpLtrneXQmAScOodAQGvRwP+Jj8aR/Qmbd9EdPmCzBw6AGj0fvXhdgal
MXN0HYsqiFPcqZf2GeeE764DpZrCAa54RheXsFa9sjkfJSzN2MfqV4HOiI/X3TvP
qZjt0Bzc8FX5e88CPTE7ajISbPWhhHyGYcbf5IY6u/a55jmSiwSUTuEysFb37QIT
2SCgNSW6uNs=
=ejKn
-----END PGP SIGNATURE-----
--
Fran Litterio franl@centerline.com (617-498-3255)
CenterLine Software http://draco.centerline.com:8080/~franl/
Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D
Return to October 1994
Return to “tcmay@netcom.com (Timothy C. May)”