key-signing for pseudonyms
atom at suspicious.org
Thu May 20 07:46:27 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 19 May 2004, Jeff Fisher wrote:
hhmm.... (quoting from the link)
Zimmermann says that the current practice of keysignings, with
government-issued identification, recitation of fingerprints and
other rituals, is missing the point of helping users get the
practical benefits of encrypting their mail. "What did I start? I
feel like I've created a monster", he told a crowd of GPG users.

Zimmermann explained alternatives to the keysigning monster in an
interview. "A decade ago it made sense to go for maximum security
regarding how to trust whether a key is really the right key", he
said. "But things can get paralyzed by excessive analness."

"If you're in a situation where your threat model is powerful
adversaries who are going to put forth a focused attack, you have
to use formal methods. If you impose those same standards on
everyone's uses, [however], you end up where we are today, where
only a thin slice of the e-mail pie gets encrypted."

Making OpenPGP popular depends on setting novice users free from
the burden of understanding certification and trust models, he

Zimmermann suggested that one way to get public keys to the
senders who need them, without making everyone participate in
keysignings, would be to do something like what PayPal does for
money transfers. A user would upload a key, and a keyserver would
then send mail to the appropriate e-mail address, asking "If this
is your key, click here." When the user followed the link, the
keyserver would then sign the key to show that it matched the

This wouldn't protect everyone from sophisticated attacks, such as
a secret police takeover of your ISP, but it would be one way to
help spread encrypted mail to more users. (PayPal thinks it's good
enough to handle money, after all.) Future mail programs could
easily query the keyserver to find a key that corresponded to the
destination addresses of outgoing mail.

Of course, anyone who wants to get anal will still be able to do
so. An easy step you can take right now is to put your key
fingerprint in an e-mail header. It won't sign the mail, but it
will get archived when you post to a list, and give people some
basis for trusting that key in the future.

seems like he's describing robot-ca. another suggestion is just widely
publishing the fingerprint, such as in an email header.

i agree with him on one level... but on another level it's precisely that
"excessive analness" that makes the WOT so respected. if keysignings were
routinely done in a casual and haphazard way, then the distributed trust
model would quickly fall apart, or at least lose credibility.

i consider the WOT to be a great thing, but maybe it's just not for
everyone... there are certainly groups of users that exist outside of the
WOT and probably have no need for keysigning. there are also people who
can just publish their fingerprint (or just key IDs) prominently and
that's "good enough"....

if someone wants to use pgp without becoming part of the WOT, they can...
which achieves a goal of "setting novice users free from the burden of
understanding certification and trust models".

i don't think phil's comments will have too big an impact on my
key-signing policy, which is still being drafted and may or may not be a
formal (written) policy.

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"Government is not reason, it is not eloquence, it is force;
like fire, a troublesome servant and a fearful master. Never
for a moment should it be left to irresponsible action."
-- George Washington
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
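
The mail-back flow from the quoted article (what the post calls robot-ca), as an added example that is not part of the original message or of any keyserver's code. The function names, the server secret, the 24-hour lifetime and the token layout are assumptions made for illustration; the OpenPGP certification itself is left to the caller.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: MAC key held only by the keyserver
TOKEN_TTL = 24 * 3600                       # assumption: the mailed link is valid for 24 hours


def normalize_fpr(fingerprint):
    """Drop spacing and case so '762A 3B98 ...' style input compares equal."""
    return "".join(fingerprint.split()).upper()


def _mac(fpr, email, expires):
    # The tag binds key fingerprint, mailbox and expiry together, so a link
    # mailed for one (key, address) pair cannot confirm any other pair.
    msg = f"{fpr}|{email}|{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(fingerprint, uid_email, now):
    """Token for the 'If this is your key, click here' mail sent to uid_email."""
    fpr = normalize_fpr(fingerprint)
    expires = int(now) + TOKEN_TTL
    return f"{fpr}.{expires}.{_mac(fpr, uid_email.strip().lower(), expires)}"


def confirm(token, uid_email, now):
    """Return the fingerprint whose user ID may be certified, or None.

    Success shows only that whoever clicked could read mail sent to
    uid_email. It says nothing about who that person is, which is the
    gap the article concedes (an ISP takeover defeats it).
    """
    try:
        fpr, expires_s, tag = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return None                          # malformed link
    if now > expires:
        return None                          # stale link
    expected = _mac(fpr, uid_email.strip().lower(), expires)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                          # forged or re-targeted link
    return fpr
```

The token is stateless: the keyserver stores nothing between the upload and the click, and recomputes the tag from the fingerprint and address it is about to certify.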