Opportunistic Encryption [Was: Keys not trusted]
Mark H. Wood
Wed May 14 15:36:04 2003
On Tue, 13 May 2003, Jason Harris wrote:
> On Tue, May 13, 2003 at 05:52:47PM +0400, Yenot wrote:
> > Advertising e-mail addresses combined with a list of your closest
> > contacts (via signatures) works well for an authentication
> > protocol, but it's not a good privacy protocol.
> Privacy and anonymity are two separate things.
Hear, hear. I'm often surprised at the variety of things which get lumped
together these days under the heading "privacy", still more under
> Assume we didn't, but still wanted to encrypt email. At a keysigning,
> we'd have to provide our email addresses anyway. (Photo IDs might be
> irrelevant if we're not certifying everyone's real name for any
> auxiliary purposes.) We could take everyone's word that they own the
> keys they claim to own, or we could email them encrypted challenges.
> In our MUAs, we'd probably manually associate key with email addresses.
> This gives us keys which can't be harvested for their email addresses
> and can't be attached to a real person unless you've met them at a
> keysigning or do traffic analysis on their email. (If needed, use
> --throw-keyid so that anyone doing traffic analysis can't attribute
> a specific key[id] to that person.)
> (If you need even more anonymity, wear masks at the keysigning and
> communicate through anonymous channels.)
> The WoT doesn't cease to exist for "anonymous" keys. In fact, it
> becomes purer. If you don't have a trust path to an "anonymous" key,
> you can't even put any trust into it based on a name or email address
> that you might be willing to trust.
I need a little help here. What, exactly, would an "anonymous" key
*mean*? To what would a document signed by such a key be bound, and why
would I care?
(I'm always swimming against the current. While it seems everyone else
wants to become invisible, I've been wondering how to go about getting
really high-quality identity documents, both paper and electronic. I
*want* to be well-known, *on my terms*.)
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".