Why CAs or public keysigning?
Mark H. Wood
mwood@IUPUI.Edu
Thu Jun 19 16:42:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 19 Jun 2003, Peter L. Smilde wrote:
[snip]
> 4: At the moment only few people are using OpenPGP, so to most people
> you cannot send encrypted emails and secondly many of the few users know
> each other, so the identity is quite certain (e.g. the only Peter Smilde
> using OpenPGP :)). But in the context of secrecy of letter, one should
> encrypt all email; just not to make any really secret email attract
> attention, because it is one of very few email that is actually
> encrypted. In this context it should become more important to have a
> possibility to connect the identity of a person to his key by the
> potential user of the public key (which is no problem for the signer,
> who check ID-card against UID).
Yes, that's a problem for which the WoT doesn't give much help. It's not
the right tool. A nice large X.500 "white pages" directory in which you
can go fishing using multiple constraints would give much more confidence,
especially if one of the attributes was a link to a page with a
biographical sketch of the person to which the object refers. (Maybe
there should even be a standard for machine-searchable biography, like the
emerging standards for document metadata.) But since all of those
directory attributes are, of necessity, "personally identifying
information", in most countries we must wait for the individual to
volunteer them even if the public facilities for their advertisement are
available. (If this is not true in country X today, it will be soon.)
I think this points to a chicken/egg problem. If I'm going to *publish*
lots of personally identifying information, I want a strong authentication
infrastructure in place to prevent abuse. But the authentication
infrastructure needs the prior availability of the information to make it
useful in the general case.
One way out of the dilemma would be a set of common, *enforceable* rules
for identifying people in different situations. (That is, your banker
could *go to jail* if he accepts blind requests for access to your account
based solely on the requester's knowing your U.S. Social Security Number,
for example. Or an overzealous prosecutor could lose his job for
malfeasance if he draws unwarranted conclusions from your personal data
and drags you into court without good reason.) Right now there's great
potential for abuse, and very little one can do about it except to refuse
to participate in purported "progress". But the expectation of harm from
abuse diminishes in proportion to one's ability to *punish* abuse, even
with no reduction in the potential for that abuse.
Hmm, I see I'm helping to carry this thread away from any focus on GnuPG.
Maybe wider discussions of what the WoT can and cannot do should move
elsewhere? Where?
- --
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQE+8cwys/NR4JuTKG8RAj9oAKCjxylqCXkLwbbBaYZbvI3m55k/KwCgm7nI
cYqaIRjUdwfuol12GCyIM10=
=Rz/N
-----END PGP SIGNATURE-----