Opportunistic Encryption [Was: Keys not trusted]

Mark H. Wood mwood@IUPUI.Edu
Wed May 14 15:36:04 2003


On Tue, 13 May 2003, Jason Harris wrote:
> On Tue, May 13, 2003 at 05:52:47PM +0400, Yenot wrote:
[snip]
> >     Advertising e-mail addresses combined with a list of your closest
> >     contacts (via signatures) works well for an authentication
> >     protocol, but it's not a good privacy protocol.
>
> Privacy and anonymity are two separate things.

Hear, hear.  I'm often surprised at the variety of things which get lumped
together these days under the heading "privacy", still more under
"security".

> Assume we didn't, but still wanted to encrypt email.  At a keysigning,
> we'd have to provide our email addresses anyway.  (Photo IDs might be
> irrelevant if we're not certifying everyone's real name for any
> auxiliary purposes.)  We could take everyone's word that they own the
> keys they claim to own, or we could email them encrypted challenges.
> In our MUAs, we'd probably manually associate key with email addresses.
> This gives us keys which can't be harvested for their email addresses
> and can't be attached to a real person unless you've met them at a
> keysigning or do traffic analysis on their email.  (If needed, use
> --throw-keyid so that anyone doing traffic analysis can't attribute
> a specific key[id] to that person.)
>
> (If you need even more anonymity, wear masks at the keysigning and
> communicate through anonymous channels.)
>
> The WoT doesn't cease to exist for "anonymous" keys.  In fact, it
> becomes purer.  If you don't have a trust path to an "anonymous" key,
> you can't even put any trust into it based on a name or email address
> that you might be willing to trust.

I need a little help here.  What, exactly, would an "anonymous" key
*mean*?  To what would a document signed by such a key be bound, and why
would I care?

(I'm always swimming against the current.  While it seems everyone else
wants to become invisible, I've been wondering how to go about getting
really high-quality identity documents, both paper and electronic.  I
*want* to be well-known, *on my terms*.)

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".