From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 21 May 1996 15:18:51 +0800
To: bryce@digicash.com
Subject: Re: Senator, your public key please?
In-Reply-To: <199605182038.WAA09047@digicash.com>
Message-ID: <9605202045.AA00456@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


T.C. May (tcmay@got.net) writes :
>  The web of trust may not be transitive, but the "web of taint"
>  may be more so.
>
>  New forms of blackballing, blacklisting, redlining, etc.
>
>  And I fully expect that who signs one's keys, and whose
>  signatures are found on one's keys, may become a political
>  and legal issue in the coming years.
>
>  What if, for example, Sen. Leahy _did_ end up in the web of
>  trust for Aryan Nation? Even if he never intended it, this
>  could have some severe PR repercussions.

bryce@digicash.com writes:
>  For example, there is no reason why the hypothetical racist
>  "Tom Metzger" would sign no black people's keys.  A key
>  signature (PGP style) is just an assertion about the identity
>  of someone.  Haven't racists engraved markings on people's
>  clothes, buildings, land, bodies and other belongings in order
>  to identify the owners?  So why not do the same for keys.

Your local KCA (KKK Certification Authority) could as easily issue a "This  
key is owned by a Nigger." certificate for a public key as TRW could issue a  
"This key is owned by a Deadbeat." certificate.  Presumably, future versions  
of PGP and other public-key crypto systems will support free-form certificate  
generation and not the quasi-fixed-definition signatures currently found in  
PGP.

You can be sure that there will be rallying cries for laws to be passed to  
ensure the accuracy of statements made in key certificates, that characters  
are not defamed, that libel is not committed, etc...  Lots of the same issues  
involving any other type of speech and the international and sometimes  
untraceable nature of the Net.  What do you do about a signature on your key,  
posted anonymously to the net, which names you as one of the Four  
Horsemen(*tm)?

How will current laws relating to credit-rating bureaus and the like be  
applied to key certificates?  Will the MIT key-server be fined for supplying  
along with public keys any signatures older than 7 years?

As the potential value (positive or negative) of certificates on public keys  
increases, expect the TrueIdentity crowd to suggest that their vision of the  
future will also help prevent certificate abuse.

For key signatures to be useful, the protocols must allow for the attachment  
and distribution of certificates against the will of the key-holder.  In  
doing so there will always be the possibility of abuse.


andrew