[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: signing keys for nyms

At 07:46 PM 8/21/95 -0600, Bryce Wilcox wrote:
>Look, I don't have a lot of time here, but I need to say that this whole
>"certifying anonymous keys" idea is misled.  The fact is, *I* *don't* *care*
>what your True Name is.
>I can only think of two reasons why you would need a person's True Name,
>and I doubt that anybody here can apply either of these reasons to anyone 
>else here.
>Reason Number Uno, why you might want a person's True Name:
>Because you want to physically hurt them, or effectively threaten to hurt
>them.  (Or send someone else to do it, like a hit man, policeman, etc.)
>Reason Number Dos, why you might want a person's True Name:
>Because you want to have sex with them.  (Or as above, if you prefer to do it
>through proxies...)
>Zimmermann et al. were/are naive to emphasize the Web of Trust as a means of
>introducing strangers.  With very few exceptions, strangers don't *need*
>to verify each other's physical identities!  This fact is central to some of
>the more interesting social evolutions that information technology promises
>to cause.  In retrospect, the emphasis in "pgpdoc1.txt" on verifying True
>Names via mutually trusted introducers will seem quaint.

Reason number 0 why you'd want someone's True Nym -
Because you've met them in person, or are a friend of a friend,
and want to make sure that the key you think is for Mr. X
isn't really the key for an imposter - if you've done Lefty Politics
over the last few decades, this is not unrealistic.
COINTELPRO may have been unreal and UnAmerican, but it happened.

Now, trusting people based on mutually trusted introducers may have
seemed quaint back in the 60s, and it certainly wasn't foolproof,
and planting the suspicion that someone _might_ be a cop was almost
as destructive as if they actually _were_ a cop.  But it's what there was.
(Ok, you had some extra sources of information, like whether the person
actually paid all their organization dues (COP!) or smoked dope with you
(and inhaled) or started advocating unreasonable violence (probable cop)...)

That doesn't mean you checked government-issue ID from people or necessarily
even used True Names; you could be dealing with people in person who
you only knew as "Bill from Delaware" or "Bear" or "Jeanie from the Sierra
but at least if you only trust keys from introducers who know people in person,
you're limiting your electronic conspiracy to people you would have conspired
with in person as well.  (Now, _I_ never bought drugs from Bear, and at this
point I don't even remember his True Name - but I didn't turn him in, either...)
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281

	   "The fat man rocks out
	Hinges fall off Heaven's door
	   "Come on in," says Bill"    Wavy Gravy's haiku for Jerry