[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signing nyms' keys (Was: Report on Portland Cpunks...)



At 05:12 PM 1/24/96 -0800, Bruce Baugh wrote:
>At 01:42 PM 1/24/96 PST, [email protected] wrote:
>
>>Furthermore, by signing a nym's key you place yourself at risk.  If you
>>sign the nym's key with your own key -- or sign using the key of your
>>own nym, and that nym is subsequently "outed" -- then anyone wishing to
>>find the individual(s) behind any nym whose key you've signed can
>>attempt to coerce you into revealing this information, since you have
>>claimed to know it.
>
>This is the real problem, one which doesn't (to me) have a ready solution.
>If others can demonstrate that there [is|is not] some fairly straightforward
>way around it, I'd be happy to read it.

This is a problem with the web of trust in general.  It is known as "Guilt
by Association".  

Person X commits treasonable act A.  All of the persons who are signed on to
his key could be considered to be co-conspirators.  The same applies to
nyms.  The difficulty with prosecuting nyms is finding the link to the real
world individual.  Anyone associated with him/her/it will be considered to
be guilty by reason of key signage or a way of determining who the real
person is...

The only way I see getting around this is only signing nyms with nyms or
having some sort of zero knowlege proof on a key signing authority.
Something where you can issue some sort of proof to the signing authority
that you are who you say you are without giving any information about your
"real" identity.  I know of no foolproof way of doing this...

I guess we are stuck with the "Web of Guilt"...

  
Alan Olsen -- [email protected] -- Contract Web Design & Instruction
        `finger -l [email protected]` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"