[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Senator, your public key please?
-----BEGIN PGP SIGNED MESSAGE-----
The entity calling itself Tim May <[email protected]> is alleged to have
written:
>
> Keys, key signings, and webs of trust can be used in all sorts of ways.
>
> And I expect the "burrowcrats" will try to regulate the use.
>
> Imagine, for example, if I use a "web of trust" to help me decide who's
> trustworthy enough to negotiate the sale of my house to.
>
> Further imagine that I want to see keys signed by Tom Metzger, my buddy
> from the Aryan Nations. Guess what? No blacks will have their keys signed,
> and hence I'll have to tell them, "Sorry, you're just not in my web of
> trust."
>
> (Now, this is a hypothetical, meant to show that use of a web of trust can
> trigger such decisions, and could thus trigger legal challenges.)
>
> The web of trust may not be transitive, but the "web of taint" may be more so.
>
> New forms of blackballing, blacklisting, redlining, etc.
>
> And I fully expect that who signs one's keys, and whose signatures are
> found on one's keys, may become a political and legal issue in the coming
> years.
>
> What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan
> Nation? Even if he never intended it, this could have some severe PR
> repercussions.
>
> An exciting new world we're entering.
All of these are products of misconceptions between using the
WoT to certify identities, versus using it to certify how much
you trust a person to certify someone else's identify, versus
using it to certify arbitrary other qualities about a person.
For example, there is no reason why the hypothetical racist "Tom
Metzger" would sign no black people's keys. A key signature
(PGP style) is just an assertion about the identity of someone.
Haven't racists engraved markings on people's clothes,
buildings, land, bodies and other belongings in order to
identify the owners? So why not do the same for keys.
This is illustrative of how much confusion reigns about keys,
certs, nyms, signatures and cetera right now.
I hope that TCMay is pointing out how _most_ people lack a
proper understanding of the differences, rather than reflecting
his own lack of understanding.
Phil Zimmermann was confused about this, I think, when he wrote
"Trust is not transitive.". Some kinds of trust _are_
transitive (with a coefficient, of course). Hm. I wonder if
there are kinds of trust whose transitivity coefficient is 1?
Regards,
Bryce
#include <stddisclaimer.h> /* I don't speak for anyone but myself. */
- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END GOODTIMES VIRUS INNOCULATION-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: http://www.c2.net/~bryce/ -- 'BAP' Easy-PGP v1.1b2
iQB1AwUBMZ41LkjbHy8sKZitAQHvRwL/Qakezx7VlPRahLnHx/7vuK56pLOScjeH
uxF7fX7mXRHKThcnM4fcU/nJ4I6xGNjvYi8RZpSTnhIzUUEiBrDPKE6M1lcqbynC
1H8/L50tGljPyBsJFfIvdHQ3vGKKUtwH
=iG/i
-----END PGP SIGNATURE-----