[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cute.
>>What's the point in distribuing your public key through the same
>>channels as a signature? Kinda defeats the purpose. Esp since I can't
>>verify that the given public key is indeed yours, since you're anonymous.
As Robert and Tim point out, the important issue is that
you can tell that a posting claiming to be from "Amad3us"
is or is not by the same set of authors as the previous
articles by the pseudonym "Amad3us". This allows authors
to create and defend "reputation capital", and allows readers
to use the pseudonym to help evaluate their postings
and read them in the context of the previous postings by that nym,
regardless of which human body (or bodies) and True Name/s may
be attached to the author.
Without the signatures, the posting may be by an imposter
trying to take advantage of the positive reputation of a nym,
or trying to discredit the nym's reputation by bad postings,
or just having a Good Time with a hoax. Most of the pseudonymous
posters on Cypherpunks, and for that matter many of the
Probably True Name posters, don't sign most of their postings,
and we don't have a lot of forgeries, but every once in a while
somebody will do a lot of forgery, or will target an individual,
and you can know that any _signed_ posting is from someone
who holds the keys used to sign previous postings with those keys.
In the Name=Key=Body model of the world, somebody can get
other people to verify their identity and sign for it;
if you're a pseudonym, your only choices are to reveal and
demonstrate your identity to someone who can sign your keys,
or to just publish the keys early on and use them as needed.
In particular, if you publish the key with your first posting,
then you can demonstrate later that you're the poster who
used that name. Thus, Checkered Daemon announced his nym with
a key, and since I could find no other record of use of that name,
I was willing to sign that key 0x50EC521D as his (I do use
a separate key for signing nyms; I've signed them for a few other
people such as Black Unicorn, some of whom I've since met in person.)
You can also get similar results by posting your key fingerprint
in your messages and sending the key to a keyserver, and it's
a bit more compact, but for a first posting using a nym
it's worthwhile to include the key.
In Amad3us's case, I've only seen the posting referring to his original,
and not the original itself, and it was garbled enough that
I couldn't add the key to my keyring.
Thanks!
Bill
Bill Stewart, [email protected]
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639