[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIT Keysigner CA



   From: Christian Odhner <[email protected]>

   I trust a key to be an introducer if and when 
   I am sure that a signature by that key means that the signed key belongs 
   to the identity (be it "real" or a 'nym) it claims to represent. 

There is a qualitative difference between a real identity and a
pseudonym identity.  A real identity has a body attached to it and a
pseudonym identity does not.  The phrase "belongs to" cannot be used
in the same sense for both of these, and the failure to discriminate
between them is a fallacy.

With a pseudonym, the identity _is_ the key.  All you need to do is to
ensure that the pattern of bits in the key does not change during
distribution.

As far as an MIT autosigner, the signature will simply represent a
reduction to the trustability of the MIT account assignment procedure.
This is not a reduction to bodily identity and should not be construed
as such.

In fact, a MIT autosigner is exactly what I was talking about when I
advocated that communication provider sign keys.  (Good work as usual,
Derek.)  The signature here represents an attestation that a given key
(that is, a given identity) can be reached through a particular
mailbox.

Almost all email is effectively pseudonymous already, even if there is
a shadow of the procession of bodies behind the email.  It makes good
sense to speak of mailing to a key; this is the logical operation of
creating an informational space accessible only to the holder of a
secret.  A mailbox is merely a physical and technical means for
reaching that space.

Eric