Opportunistic Encryption [Was: Keys not trusted]

Mark H. Wood mwood@IUPUI.Edu
Wed May 14 15:36:04 2003

On Tue, 13 May 2003, Jason Harris wrote:
> On Tue, May 13, 2003 at 05:52:47PM +0400, Yenot wrote:
> >     Advertising e-mail addresses combined with a list of your closest
> >     contacts (via signatures) works well for an authentication
> >     protocol, but it's not a good privacy protocol.
> Privacy and anonymity are two separate things.

Hear, hear.  I'm often surprised at the variety of things which get lumped
together these days under the heading "privacy", still more under

> Assume we didn't, but still wanted to encrypt email.  At a keysigning,
> we'd have to provide our email addresses anyway.  (Photo IDs might be
> irrelevant if we're not certifying everyone's real name for any
> auxiliary purposes.)  We could take everyone's word that they own the
> keys they claim to own, or we could email them encrypted challenges.
> In our MUAs, we'd probably manually associate key with email addresses.
> This gives us keys which can't be harvested for their email addresses
> and can't be attached to a real person unless you've met them at a
> keysigning or do traffic analysis on their email.  (If needed, use
> --throw-keyid so that anyone doing traffic analysis can't attribute
> a specific key[id] to that person.)
> (If you need even more anonymity, wear masks at the keysigning and
> communicate through anonymous channels.)
> The WoT doesn't cease to exist for "anonymous" keys.  In fact, it
> becomes purer.  If you don't have a trust path to an "anonymous" key,
> you can't even put any trust into it based on a name or email address
> that you might be willing to trust.

I need a little help here.  What, exactly, would an "anonymous" key
*mean*?  To what would a document signed by such a key be bound, and why
would I care?

(I'm always swimming against the current.  While it seems everyone else
wants to become invisible, I've been wondering how to go about getting
really high-quality identity documents, both paper and electronic.  I
*want* to be well-known, *on my terms*.)

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".