[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: "trust management" vs. "certified identity"



At 12:00 PM 1/7/96 -0800, you wrote:

>We already operate largely in a "web of trust" model world.
>
>Here's a pertinent example. I've met perhaps 100 people from this list,
>over the last several years. Not a single one--not even one--have I ever
>seen any "proofs of identity" for. Did I say "Not a single one"?

How many people ask for "proof of Identity" from their friends?  Not very
many, I can bet...   (Maybe the excesivly paranoid.)

>I deal with them as "persistent personnas," with either their physical
>appearances (biometric security) or their writing styles/e-mail addresses
>providing the continuity of their persistent personna.

Things like this can complicate depending on your social circles.  For those
involved in the SCA (Society for Creative Anacrnyms) or Science Fiction
conventions people may or may not go under a host of names.  You may or may
not know their "true" name.

There are people who i have known for many years who are good friends and
yet I do not know their "real" name.  (And I am not really concerned about
not knowing that name.)  Some people I know by multiple names. (Makes
conversations interesting when the nyms change every few sentences...)  What
matters is the continuity of the individual, not what nym they happen to be
using at any given point.  (The net makes this alot more complex though, as
you usually do not have visual contact with the people you are responding
to... Individuals are harder to forge than e-mail.)

The criteria I use as to whether I can "trust" a source is based on a number
of factors.  Have they given reliable information in the past?  Does the
information corilate with other information from reliable sources?  Does
their attitude get in the way of the information provided?  (Sometimes it
takes heavy filters to discern fact from opinion or just a pissy
attitude...) What gains my respect is similar, but also based on their
general attitude and how they treat people.  (Of course there is not cert
mechanism for a "web of respect".) 

[examples cliped]

>Frankly, the notion that a central government would issue proofs of
>trustability, via identity cards and the like, is a modern invention.

I find the idea that a little card "proves" my identity a bizarre form of
mystisism.  (Especially when that "proof" can suddenly expire or be revoked
by the whims of the State.)

>(The message of Vinge's "True Names" was partly ironic, that one's True
>Name is important primarily in allowing tagging by the government. 

As has been said before, one of the main reasons for the Government's (and
others) desire for "true names" is so those that offend them can be punished. 


>Ordinary
>people rarely need True Names. As I said, I've never checked the supposed
>True Names of those I deal with. Nor have most of you, I strongly suspect.
>In fact, given the way credentials can be so easily forged, I wouldn't
>trust a driver's license or even a passport. And given the government's
>ability and demonstrated willingness to generate false
>documentation--60,000 new identities in the Witness Security Program, plus
>all the spies, narcs, etc.--I even more surely don't care what official
>identification supposedly proves.)

Government paperwork proves that "they" know who you are and have some sort
of hooks into your persona.  (taxation, legal, and/or otherwise.)  This is,
of course, if it is "real" identification and not forged by a competing
interest.

>I don't want official proof of my identity. If others want it, let them
>make their own arrangements.
>
>"Papieren, bitte! Macht schnell!"

"I don't have any papers.  All I got is a pipe!"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
|`finger -l [email protected]` for PGP 2.6.2 key |  behind the keyboard.|
|         http://www.teleport.com/~alano/         |  [email protected]  |