From: Joe Thomas <jthomas@access.digex.net>
To: Fran Litterio <franl@centerline.com>
Message Hash: f99f6e3d81b21d5a75c23afd242c29aebcf2a475b46b19e4218e80c6d9ff019b
Message ID: <Pine.SUN.3.90.941005223602.27984A-100000@access3.digex.net>
Reply To: <FRANL.94Oct5141756@draco.centerline.com>
UTC Datetime: 1994-10-06 02:51:17 UTC
Raw Date: Wed, 5 Oct 94 19:51:17 PDT
Subject: Re: Nom de guerre public key
On 5 Oct 1994, Fran Litterio wrote:
> > That's part of it, but the more important binding created by a
> > signature is the binding between the userid and the real person.
> > Without that binding, the binding between the key and the userid is
> > useless.
>
> I would not sign a pseudonymous entity's key based solely on the
> reputation of the entity. How do I defend against a man-in-the-middle
> attack -- how do I know I'm not signing the middle-man's key instead
> of the entity's key?
>
> I'm all in favor of pseudonymous entities building reputations, but I
> think that the price of pseudonymity is the inability to be part of a
> PGP-like Web of Trust.

I probably ought to get out of lurk mode here, since my signature can be
found on the key of one of the more prominent pseudonyms on the list,
Black Unicorn. I met Uni briefly at one of the (two) D.C. area
cypherpunks meetings, last spring. I didn't check his ID. For all his
reluctance to give his name here, he did, as I recall, attempt to give it at
the meeting. (Pat Farrell was trying to draw a seating chart so we'd
know what to call each other, but he had trouble spelling Uni's
name.)

I guess it could have been an impostor at the meeting, but enough
of the details seemed to match up that I didn't have any doubts about
him. And I've probably got enough information from his posts, and my
hazy recollection of his first name, to find out who he is, if I felt
like it.

I guess my point is that key signing doesn't always fit into one
particular category, one that requires a driver's license or passport.
That (or personal knowledge of the person) is the most secure method for
keys that are clearly bound to a specific person, but it's not the only
way things are done.

Joe