Opportunistic Encryption [Was: Keys not trusted]

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Thu May 15 08:45:02 2003 

--Boundary-02=_1ezw+ka6SxVMS2C
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 14 May 2003 15:36, Mark H. Wood wrote:
> On Tue, 13 May 2003, Jason Harris wrote:

> > The WoT doesn't cease to exist for "anonymous" keys.  In fact, it
> > becomes purer.  If you don't have a trust path to an "anonymous" key,
> > you can't even put any trust into it based on a name or email address
> > that you might be willing to trust.
>
> I need a little help here.  What, exactly, would an "anonymous" key
> *mean*?  To what would a document signed by such a key be bound, and why
> would I care?

One use is: somebody wants to be anonymous, but wants to publish some (hot)=
=20
information. He signs it, so that when he ever needs to post a followup=20
(correction, additional info on this issue, or to counter some statement so=
me=20
other party has made about the info he's posted), he can sign *that* again.=
=20
So, nobody can come and say 'I have published that document' since he=20
wouldn't be able to proof it by signing a challenge.

I don't see where this would tie into the WoT - presumably, nobody can sign=
=20
that key, and the keyholder will not be interested in signing anybody's key=
=20
when he wants to stay anonymous, but I think this is a good application of=
=20
anonymous keys.

> (I'm always swimming against the current.  While it seems everyone else
> wants to become invisible, I've been wondering how to go about getting
> really high-quality identity documents, both paper and electronic.  I
> *want* to be well-known, *on my terms*.)

I think I can understand this feeling.=20

=2D- vbi

=2D-=20
Available for key signing in Z=FCrich and Basel, Switzerland
                     (what's this? Look at http://fortytwo.ch/gpg/intro)

--Boundary-02=_1ezw+ka6SxVMS2C
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iKcEABECAGcFAj7DN7VgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjQmbWQ1c3VtPTgxNjMwYmFhYmU5YTA2NzBi
YjE5YzFmYTg1MjdhN2FiAAoJEIukMYvlp/fW39QAoM/ZY73YkfZmMQRtT5Ltaiee
4Xh4AJ9K+loaipYLjc74QDRhscWw3uosGA==
=BBUy
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.4&md5sum=81630baabe9a0670bb19c1fa8527a7ab

--Boundary-02=_1ezw+ka6SxVMS2C--