1995-08-22 - No Subject

Header Data

From: Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu>
To: wilcoxb@cs.colorado.edu
Message Hash: 775bda4be40a145718b50efc32e5ff20fcd3f81601e70c996de76c21baa87f07
Message ID: <199508220146.TAA12445@nagina.cs.colorado.edu>
Reply To: N/A
UTC Datetime: 1995-08-22 01:47:07 UTC
Raw Date: Mon, 21 Aug 95 18:47:07 PDT

Raw message

From: Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu>
Date: Mon, 21 Aug 95 18:47:07 PDT
To: wilcoxb@cs.colorado.edu
Subject: No Subject
Message-ID: <199508220146.TAA12445@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Here is an article that I just posted to alt.security.pgp and sci.crypt.
Having had a couple of hours to calm down, it seems a little frenetic, but
there is enough truth in it that I will now repost it to cypherpunks.

Context:  Someone was asking how he could go about verifying the identity of
an anonymous interlocutor, so that he could sign his public key.



- -----BEGIN PGP SIGNED MESSAGE-----

Look, I don't have a lot of time here, but I need to say that this whole
"certifying anonymous keys" idea is misled.  The fact is, *I* *don't* *care*
what your True Name is.


I can only think of two reasons why you would need a person's True Name,
and I doubt that anybody here can apply either of these reasons to anyone 
else here.


Reason Number Uno, why you might want a person's True Name:

Because you want to physically hurt them, or effectively threaten to hurt
them.  (Or send someone else to do it, like a hit man, policeman, etc.)


Reason Number Dos, why you might want a person's True Name:

Because you want to have sex with them.  (Or as above, if you prefer to do it
through proxies...)



Okay now does anyone want to do any of the above two things to me?  If not
then *don't* *worry* about whether my public key is signed by anyone or not.
It makes zero difference to you until such a time as one of the above
motivations acquires.



Zimmermann et al. were/are naive to emphasize the Web of Trust as a means of
introducing strangers.  With very few exceptions, strangers don't *need*
to verify each other's physical identities!  This fact is central to some of
the more interesting social evolutions that information technology promises
to cause.  In retrospect, the emphasis in "pgpdoc1.txt" on verifying True
Names via mutually trusted introducers will seem quaint.



Bryce
Announcement: I have had technical difficulties.  If you sent me e-mail
between Aug 5 and Aug 20 and didn't receive a response, please re-send.
signatures follow:


                                 +                                           
    public key on keyservers     /.       island Life in a chaos sea         
    or via finger 0x617c6db9     /             bryce.wilcox@colorado.edu     
                                 ---*                                     

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDkLf/WZSllhfG25AQFhxwP6AzS0nus2QK8UEF5rvyqhFrwpzeAEE/Vr
BwRXJtstk5ln2f3SRh7BSYfda/TQDJe2VRt0qMF1xNCt1VLP+QCyr06LqZ0i/qv0
/CpC85/QRAgpQtrgyFKR6v3Ryi3MbeiUQuEOSgU+OelvZ5XcoRP3o5WDp18N4+Pv
5ddGzIVXQEk=
=5rxb
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta

iQCVAwUBMDk3AfWZSllhfG25AQGQCgQAld0FFtRVZgDKZ1ofok4pK9zAAqlJHCiO
A+eLsSolfIvvfpTiE0viJUOuXIywnWzBT50js4LodwsQI4cKSVfnHdYNI4aoyQJf
G2P7dy7BaryOj8C74U2gYYq8Lys6Mh/i640KEa77EV4ZEDpLhSi25R+LB58qjvwJ
l705Z8I/Bhs=
=+xrs
-----END PGP SIGNATURE-----





Thread