1996-01-25 - Re: Signing nyms’ keys (Was: Report on Portland Cpunks…)

Header Data

From: Alan Olsen <alano@teleport.com>
To: Bruce Baugh <cypherpunks@toad.com
Message Hash: a4895949870257d7a3b49fbb478f385832668e54f6e2af9cb2060eb53760744a
Message ID: <2.2.32.19960125024933.008d5c4c@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-01-25 05:54:45 UTC
Raw Date: Thu, 25 Jan 1996 13:54:45 +0800

Raw message

From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 13:54:45 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Signing nyms' keys (Was: Report on Portland Cpunks...)
Message-ID: <2.2.32.19960125024933.008d5c4c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:12 PM 1/24/96 -0800, Bruce Baugh wrote:
>At 01:42 PM 1/24/96 PST, janzen@idacom.hp.com wrote:
>
>>Furthermore, by signing a nym's key you place yourself at risk.  If you
>>sign the nym's key with your own key -- or sign using the key of your
>>own nym, and that nym is subsequently "outed" -- then anyone wishing to
>>find the individual(s) behind any nym whose key you've signed can
>>attempt to coerce you into revealing this information, since you have
>>claimed to know it.
>
>This is the real problem, one which doesn't (to me) have a ready solution.
>If others can demonstrate that there [is|is not] some fairly straightforward
>way around it, I'd be happy to read it.

This is a problem with the web of trust in general.  It is known as "Guilt
by Association".  

Person X commits treasonable act A.  All of the persons who are signed on to
his key could be considered to be co-conspirators.  The same applies to
nyms.  The difficulty with prosecuting nyms is finding the link to the real
world individual.  Anyone associated with him/her/it will be considered to
be guilty by reason of key signage or a way of determining who the real
person is...

The only way I see getting around this is only signing nyms with nyms or
having some sort of zero knowlege proof on a key signing authority.
Something where you can issue some sort of proof to the signing authority
that you are who you say you are without giving any information about your
"real" identity.  I know of no foolproof way of doing this...

I guess we are stuck with the "Web of Guilt"...

  
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"






Thread