From: Jiri Baum <jiri@baum.com.au>
Date: Mon, 19 Feb 1996 14:25:28 +0800
To: bryce@colorado.edu
Subject: Re: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
Message-ID: <199602190556.QAA21493@mail.mel.aone.net.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Bryce and Cypherpunks,

#ifdef CDA

In case I ever want to visit the US, here's a warning I've swiped
off the top of some poetry:

                    Leganto, se vi estas pruda
                    Kaj na`uzas vin la amo nuda,
                    Se indignigas vin la bolo
                    De la temperamento suda,
                    Se ^genas vian delikaton
                    La grimaceto am-aluda,
                    Pripensu bone anta`u lego:
                    Tute ne estas mi altruda,
                    For^jetu min, retiru vin
                    Al via dika ^sel' testuda.

                    Leganto! Jen la lasta voko!
                    Tuj sekvos jam dan^gera loko!
                    For^jetu min! Beda`urus mi,
                    Se vin mortigus nervo-^soko!

                    -------------------------------

                    Leganto! Mi avertas due!
                    Pripensu, ^cu vi legos plue!
                    Pilate levas mi la manojn,
                    Se mi efikos misinflue.
                    Neniu vin devigas legi,
                    Anstata`u indigni^gi brue,
                    For^jetu min, for^jetu min,
                    Ankora`u estas ne malfrue.

                           -- from: Peter Peneter, Sekretaj Sonetoj

OK, so maybe my post is nowhere near as good as said poetry, but
better safe than sorry :-)

#endif


Somebody wants us to think that Bryce Wilcox wrote:

...
>This quotes some mail sent directly to me by (probably) an 
>entity calling itself "Jiri Baum".  I apologize in advance
>if said probable entity is offended at my broadcasting his
...

No problem; being unsubscribed at the moment, could you please
forward to me any replies? Thanks!

...
>  +---+---- Bryce
>  |   |
>+---+------ Probably an entity calling itself Jiri
>| | | |
>v v v v
>> > > > An entity calling itself Jiri Baum 
>> > > > <jirib@sweeney.cs.monash.edu.au> probably wrote:
>> > > ...
>> > > 
>> > > Probably? Didn't I sign it? :-)
...
>> I guess it depends on whether we are talking about "Jiri Baum
wrote"
>> (about which you'd be perfectly right) or "An entity calling
itself
>> Jiri Baum wrote". Witness:
...
>Well now let's say that an active attacker had supplanted
>your public key with his own.  He is not, really, an entity
>who calls himself "Jiri".  I mean, sure by using a public 
>key which he controls and which has "Jiri" on it he is 
>calling himself "Jiri", but he rarely if ever actually talks
>to people and says things which those people associate with 
>the name "Jiri".
...

Hold on - yes she does! That's the point of a MITM: she wants people
to associate things she says with the name "Jiri". (I'll use a female
MIMT to distinguish her from the real McCoy.)

The question asked by PGP when key-signing is: "Based on your own
direct first-hand knowledge, are you absolutely certain that you are
prepared to solemnly certify that the above public key actually
belongs to the user specified by the above user ID?". 

There is no exception for self-signing. The MIMT controlling the
public key would be prepared to solemnly certify that the key belongs
to the entity called "Jiri", in other words, that she is "Jiri".

...
>More significantly, he never thinks of
>*himself* as "Jiri".  So in this most fundamental sense he
>does not "call himself Jiri".
...

Well, she may not *think* of herself as "Jiri", but she is prepared
to swear (solemnly certify) that she is. Isn't that "calling herself
Jiri"?

...
>*You* are the entity who calls yourself Jiri, and I can only
>say that you "probably" wrote the above because I'm not sure
>if you actually control the public key associated with your 
>name.
...

Well, I control *a* key associated with my name (undisputed, last I
checked the keyservers). There may be other persons using the name
"Jiri Baum" (though I don't know of any except pre-WW2).

...
>mouth and so forth?  Maybe I should say "An entity who calls
>itself 'Jiri Baum' and is more or less unaware of any nym
>collision regarding that nym...".
...

Hmm, "John Smith" is going to have trouble signing that one... many
people have nym collisions they are aware of, without any malicious
intent (eg son named after father).

...
>Yeah, that one seems bulletproof...
...

Except you don't know whether I'm aware of any nym collision. You
could say "An entity who calls itself 'Jiri Baum' and claims to be
more or less unaware of any nym collision regarding that nym..." but
then you'll have to ask each key-holder whether or not he is aware of
such a collision.

...
>> True - I guess that's another use - a time-stamping service could
>> sign any page that asks for it. Time to whip up yet another CGI
...
>Wei Dai <weidai@eskimo.com> and Matthew Richardson 
><matthew@itconsult.co.uk> have both done this.  I suspect
...

But I thought there were only e-mail timestampers, not web-page
timestampers... (ie, a form would ask for a URL and output just a
detached signature).

...
>I myself use Usenet and mailing lists as a sort of poor
>man's time-stamping service.  If I invent an idea or some
...

I suppose that'll probably work (especially if the idea is worth
saving); a thing I've heard of in the traditional world is to put it
in an envelope, send it to yourself registered and keep the sealed
envelope; but I'm not a lawyer so I wouldn't have a clue to what
extent it works... Besides, it's off-net.


Please Cc any replies to me as I'm off-cypherpunks at present.


ObConspiracyTheory: CoS & CDA ?


ObCDA:
        Jes, ^caste, sen malpuro de pasio
        Mi vin ornamis per admira kron'...
        Kio okazis do en subkonscio,

        Ke, ne timante brilon de l'salon',
        Levante kapon sin anoncis io:
        Fripona bub' en mia pantalon'.

                           -- ibid.

(I'm *sure* that's indecent somewhere.)


Hope I'm making sense, and sorry about the excessive head and tail
matter...

Jiri

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMSggaRQ9DWdGOhTVAQGJdwP+IxJ3AxuNUOcDpppoKqtH3ovGeqDcupGu
f6KzVxsRCxEESvwwo9s9Chg50+OqAwjHiloiLJY1CCKe1cjFU4/oZi6lBmHqCbrb
Zui1caNRMYUHCNpAc6QBrDc4DmZ6y1ymg+lNjzvq2fNAQxOMPRwBZx/h3w8Jftze
c7sWILGw6bI=
=nGwO
-----END PGP SIGNATURE-----