key-signing for pseudonyms
atom-gpg at suspicious.org
Tue May 18 05:01:39 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
thinking out loud....
looking at things the other way... i think we would all agree to NOT sign
a key if:
1) the email address is not correct
2) the key fingerprint is not correct
3) there is doubt as to the person's identity (real or pseudonymous)
seeing how much thought i've provoked looking at this question forwards,
how about looking at it backwards (under what circumstances would one
*NOT* sign a key)...
1) if one knows that the email address is not correct, one would probably
have no reason to sign a key. using the suggestion that a signature be
sent, encrypted, to the key-holder's email address enforces this rule.
2) if the fingerprint is not correct, one would not sign a key. it's
interesting that a fingerprint is public knowledge, but infeasible to
fake. although an impostor cannot create a key having a predetermined
fingerprint, an impostor could *easily* present a "mark's" key, and the
fingerprint will necessarily match.
the first two are easy yes/no answers... now it gets hard...
3) if asked to sign a key that says "monica lewinsky" by a guy who claims
that it's really his name (trust me!), but his wallet was just stolen,
we'd all say no (i hope!). on the other hand, if someone's key identifies
them as "kevin ilyanovich rasputin kubusheskie" and they have a passport,
birth certificate, driver's license and govt-issued ID, and we've known
them since pre-school, we'd sign their key (i think).
i think the issue of identity is shady for anyone who we don't ~really~
know... someone's name could ~really~ be "george w bush", and they could
really have the ID to prove it... that doesn't mean they're *the* george w
bush. if this is someone i know, i'd sign the key. if this is someone i
don't know, i'd be suspicious... they could be an impostor.
in between these extremes is a lot of gray area... some people have known
me for years as "atom smasher"... i don't think they'd have any problems
signing my key.
maybe it's not so difficult at all... maybe the process still relies on
"trusted introducers", but in a strictly social sense, absent any keys and
computers... could it be that i've just over-analyzed this to an
after all, a key can be signed as "i have not checked at all", "i have
done casual checking" and "i will not answer"! wouldn't one of these three
apply to someone using an alias? or someone we don't really know?
in which case, how much is accomplished by a physical meeting? let's say
i'm going to defcon, and in advance of that i exchange some encrypted
secrets with other attendees... we all arrange to meet at the conference,
and physically exchange those secrets [in printed form]. that can't
possibly prove that i'm really me! *maybe* having a picture on my key
would help, but maybe not... if my brother serves as a body double. i
could have him claim to be me, and exchange those printed secrets! with
that in mind, what would be lost if i exchange encrypted secrets only via
email... say over the period of a month, and *then* exchange key
signatures? of course, if one is using a name that they can prove (not to
be confused with their real name!) then it's in their best interest to
meet in person and produce ID... but when signing a pseudonymous key,
what can be gained by a physical meeting? how can that be compensated for?
enough rambling... time for me to eat...
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"HEY! HO! LET'S GO!"
-- The Ramones
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
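An added example, not part of the post above and not GnuPG's own code, that makes the post's second point concrete: a fingerprint is derived from the key bytes (RFC 4880 v4 fingerprint, SHA-1 over a 0x99-prefixed, length-prefixed public-key packet body), so an impostor cannot produce a different key with the mark's fingerprint, but handing over the mark's genuine key passes the check trivially. The key material, creation timestamp and the names `v4_rsa_public_key_body`, `fingerprint_matches` and `demo` are constructed for this illustration (toy-sized integers, not real keys). The cert-level table at the end is the mapping GnuPG uses for its `--ask-cert-level` answers, the "three answers" the post refers to.

```python
"""Added example (not from the mailing-list post): what a key signer learns from a
fingerprint check. All key material below is constructed toy data, not a real key."""
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:
    """OpenPGP multi-precision integer (RFC 4880 s3.2): 2-byte bit length, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet (RFC 4880 s5.5.2): version, creation time, algo 1, n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 s12.2: SHA-1 over 0x99 || 2-byte body length || body, as 40 uppercase hex digits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fpr: str) -> str:
    """The long key ID is the low 64 bits (last 16 hex digits) of the fingerprint."""
    return fpr[-16:]


def format_fingerprint(fpr: str) -> str:
    """Render in groups of four, the way gpg prints it in the signature line of the post."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


def fingerprint_matches(presented_body: bytes, claimed: str) -> bool:
    """Check 2 from the post: recompute from the key actually in hand and compare it with the
    fingerprint the person claims (spaces and case ignored). This binds the key, not the person."""
    want = claimed.replace(" ", "").upper()
    return hmac.compare_digest(v4_fingerprint(presented_body), want)


# GnuPG's --ask-cert-level answers and the OpenPGP certification signature
# types they produce (RFC 4880 s5.2.1): the "three answers" the post mentions.
CERT_LEVEL_SIG_TYPE = {
    0: 0x10,  # "I will not answer"                  -> generic certification
    1: 0x11,  # "I have not checked at all"          -> persona certification
    2: 0x12,  # "I have done casual checking"        -> casual certification
    3: 0x13,  # "I have done very careful checking"  -> positive certification
}


# --- constructed demo keys (toy numbers, NOT real keys; timestamp is arbitrary) ---
GENUINE = v4_rsa_public_key_body(1084856499, n=0xC0FFEE1234567891, e=65537)
IMPOSTOR = v4_rsa_public_key_body(1084856499, n=0xBADC0DE987654321, e=65537)

GENUINE_FPR = v4_fingerprint(GENUINE)  # what the key owner publishes


def demo() -> dict:
    """Run the three situations the post describes against the constructed keys."""
    tampered = bytearray(GENUINE)
    tampered[-1] ^= 0x01  # flip one bit of e: any change to the key changes the fingerprint
    return {
        "published": format_fingerprint(GENUINE_FPR),
        "keyid": key_id(GENUINE_FPR),
        # An impostor presenting a key of their own: cannot be made to match.
        "impostor_key_rejected": not fingerprint_matches(IMPOSTOR, GENUINE_FPR),
        "tampered_key_rejected": not fingerprint_matches(bytes(tampered), GENUINE_FPR),
        # An impostor presenting the mark's *real* key: the check necessarily passes,
        # which is why the fingerprint check says nothing about who is holding the key.
        "marks_key_accepted": fingerprint_matches(GENUINE, GENUINE_FPR),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The 0x99 prefix and the two-byte length are what make the fingerprint a hash of a framed packet rather than of raw key bytes, so the value computed here is the same one `gpg --fingerprint` would print for a key with exactly this packet body. The check in `fingerprint_matches` is the whole of what a fingerprint comparison proves: that the bytes in hand are the bytes the fingerprint was made from. Whether the person handing them over is the person named in the user ID is the separate question the post is about, and it is answered, if at all, by the cert level chosen when signing.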