[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Senator, your public key please?
T.C. May ([email protected]) writes :
> The web of trust may not be transitive, but the "web of taint"
> may be more so.
>
> New forms of blackballing, blacklisting, redlining, etc.
>
> And I fully expect that who signs one's keys, and whose
> signatures are found on one's keys, may become a political
> and legal issue in the coming years.
>
> What if, for example, Sen. Leahy _did_ end up in the web of
> trust for Aryan Nation? Even if he never intended it, this
> could have some severe PR repercussions.
[email protected] writes:
> For example, there is no reason why the hypothetical racist
> "Tom Metzger" would sign no black people's keys. A key
> signature (PGP style) is just an assertion about the identity
> of someone. Haven't racists engraved markings on people's
> clothes, buildings, land, bodies and other belongings in order
> to identify the owners? So why not do the same for keys.
Your local KCA (KKK Certification Authority) could as easily issue a "This
key is owned by a Nigger." certificate for a public key as TRW could issue a
"This key is owned by a Deadbeat." certificate. Presumably, future versions
of PGP and other public-key crypto systems will support free-form certificate
generation and not the quasi-fixed-definition signatures currently found in
PGP.
You can be sure that there will be rallying cries for laws to be passed to
ensure the accuracy of statements made in key certificates, that characters
are not defamed, that libel is not committed, etc... Lots of the same issues
involving any other type of speech and the international and sometimes
untraceable nature of the Net. What do you do about a signature on your key,
posted anonymously to the net, which names you as one of the Four
Horsemen(*tm)?
How will current laws relating to credit-rating bureaus and the like be
applied to key certificates? Will the MIT key-server be fined for supplying
along with public keys any signatures older than 7 years?
As the potential value (positive or negative) of certificates on public keys
increases, expect the TrueIdentity crowd to suggest that their vision of the
future will also help prevent certificate abuse.
For key signatures to be useful, the protocols must allow for the attachment
and distribution of certificates against the will of the key-holder. In
doing so there will always be the possibility of abuse.
andrew