1995-12-13 - Web O Trust, active attacks against same, etc. AGAIN. (was: Usability of Cryptography (was Re: More FUD from First Virtual) )

Header Data

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
To: “James A. Donald” <jamesd@echeque.com>
Message Hash: 8ca8a70f4a8acbca46a9d45a2996dd38fe027eeaac0fa59ebb25e0ef66250837
Message ID: <199512132039.NAA14799@nagina.cs.colorado.edu>
Reply To: <199512130722.XAA11947@blob.best.net>
UTC Datetime: 1995-12-13 22:24:38 UTC
Raw Date: Thu, 14 Dec 1995 06:24:38 +0800

Raw message

From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 14 Dec 1995 06:24:38 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Web O Trust, active attacks against same, etc.  AGAIN.  (was: Usability of Cryptography (was Re: More FUD from First Virtual) )
In-Reply-To: <199512130722.XAA11947@blob.best.net>
Message-ID: <199512132039.NAA14799@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "James A. Donald" <jamesd@echeque.com> 
allegedly wrote:
>
> Web of trust is a mess because it attempts to link keys to 
> physical people, which in general cannot be done.
                   *******************************


Do you wish to substantiate this rather brazen assertion?  
I am very sure that PGP public key 0xCC56B2E9 belongs to my
housemate Sebastian Kuzminsky <kuzminsk@colorado.edu>.  Is
there some reason why I should doubt this belief?


Furthermore my mother <rwilcox@mesa5.mesa.colorado.edu>
<0x5E93210D> is very sure that PGP public key 0x617c6db9
belongs to me, and she is very sure that I am a trustworthy
introducer of keys.  Is there some reason why she should
abstain from associating Seb's key <0xCC56B2E9> in her mind
with my housemate?


> If we stick to a lesser goal -- constancy of identity -- 
> this is not so hard.  In general it is impossible to prove that 
> Bryce is the "real" Bryce, but it is trivial to prove that 
> Bryce is the same Bryce who has a certain Web page, and the
> same Bryce who posted a certain article in archives.


But if I am the victim of a successful active attack then you
are *not* certain that I am the same Bryce.  The Bryce who
posted a certain article in the archives might be completely
different from (and antagonistic toward!) the Bryce who later
contacts you in e-mail using the same public key.  Do you see
why?


> We should blow off this attempt to do the impossible.


It is far from impossible.  In fact, it is easy if we pay
attention and cooperate.  


Note that I am in complete agreement with you about the (non-)
value of "True" identities.  In the above example I do not 
expect you to care which Bryce is the "real" Bryce, but I *do* 
expect you to care that the two Bryces are different.


In short, the Web O Trust is important to maintain constancy
of identity.  It is not trivial, but neither is it impossible,
to do so.


Regards,

Bryce, a unique and autonomous entity


signatures follow


      "To strive, to seek, to find and not to yield."  -Tennyson
            <a href="http://www.c2.org/~bryce/Niche.html">

                          bryce@colorado.edu                </a>



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMM855vWZSllhfG25AQG8JQP+Ikc9sfUdEQHhLTM1/cTlimFBKB/ppifD
N58Eh6e6UboOeoatcLdHgEEkrewhYkVD+AcIoV5CUHLt22Q88vjH2Fq9jJ+tV3CO
65r9kyVeIg49qQZHx0FrSTytoTrY3Zg9RdJoh4zT/Vy36dCcwgRcfAzkPdMBfQqU
W9mViQbS5w0=
=KyrB
-----END PGP SIGNATURE-----
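
The introducer chain discussed in the message above, worked through as an added example (it is not part of the message or of the archive). It assumes a simplified validity rule in which one certification from a trusted introducer suffices; the certification edges and the substituted key 0xDEADBEEF are constructed for illustration, and only the three key IDs come from the message.

```python
from collections import deque

# Key IDs quoted in the message.
MOTHER, BRYCE, SEB = "0x5E93210D", "0x617c6db9", "0xCC56B2E9"
# Constructed: a key an active attacker presents under the housemate's name.
SUBSTITUTED = "0xDEADBEEF"

# CERTS[signer] = keys that signer has certified (constructed edges).
CERTS = {
    MOTHER: {BRYCE},             # she checked her son's key herself
    BRYCE: {SEB},                # Bryce checked his housemate's key
    SUBSTITUTED: {SUBSTITUTED},  # attacker's key carries only a self-signature
}

def valid_keys(owner, certs, introducers, max_depth=2):
    """Keys `owner` may treat as valid: her own key, plus any key certified
    by a valid key that is hers or belongs to an introducer she trusts.
    Assumed simplification: one such certification is enough, and chains
    longer than `max_depth` certifications are ignored."""
    valid = {owner}
    queue = deque([(owner, 0)])
    while queue:
        signer, depth = queue.popleft()
        if depth >= max_depth:
            continue
        if signer != owner and signer not in introducers:
            continue  # key is valid, but its holder is not a trusted introducer
        for key in certs.get(signer, ()):
            if key not in valid:
                valid.add(key)
                queue.append((key, depth + 1))
    return valid

def accept(owner, presented_key, certs, introducers):
    """Accept a presented key only if a certification path makes it valid."""
    return presented_key in valid_keys(owner, certs, introducers)

if __name__ == "__main__":
    for key in (SEB, SUBSTITUTED):
        print(key, "accepted" if accept(MOTHER, key, CERTS, {BRYCE}) else "rejected")
```

The substituted key is rejected because nothing the owner trusts has certified it, which is the check that separates two holders of one name.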





Thread