key-signing for pseudonyms

Atom 'Smasher' atom at
Thu May 20 07:46:27 CEST 2004

Hash: SHA1

On Wed, 19 May 2004, Jeff Fisher wrote:


hhmm.... (quoting from the link)

	Zimmermann says that the current practice of keysignings, with
	government-issued identification, recitation of fingerprints and
	other rituals, is missing the point of helping users get the
	practical benefits of encrypting their mail. "What did I start? I
	feel like I've created a monster", he told a crowd of GPG users.

	Zimmermann explained alternatives to the keysigning monster in an
	interview. "A decade ago it made sense to go for maximum security
	regarding how to trust whether a key is really the right key", he
	said.  "But things can get paralyzed by excessive analness."

	"If you're in a situation where your threat model is powerful
	adversaries who are going to put forth a focused attack, you have
	to use formal methods. If you impose those same standards on
	everyone's uses, [however], you end up where we are today, where
	only a thin slice of the e-mail pie gets encrypted."

	Making OpenPGP popular depends on setting novice users free from
	the burden of understanding certification and trust models, he

	Zimmermann suggested that one way to get public keys to the
	senders who need them, without making everyone participate in
	keysignings, would be to do something like what PayPal does for
	money transfers. A user would upload a key, and a keyserver would
	then send mail to the appropriate e-mail address, asking "If this
	is your key, click here." When the user followed the link, the
	keyserver would then sign the key to show that it matched the

	This wouldn't protect everyone from sophisticated attacks, such as
	a secret police takeover of your ISP, but it would be one way to
	help spread encrypted mail to more users. (PayPal thinks it's good
	enough to handle money, after all.) Future mail programs could
	easily query the keyserver to find a key that corresponded to the
	destination addresses of outgoing mail.

	Of course, anyone who wants to get anal will still be able to do
	so. An easy step you can take right now is to put your key
	fingerprint in an e-mail header. It won't sign the mail, but it
	will get archived when you post to a list, and give people some
	basis for trusting that key in the future.

seems like he's describing robot-ca. another suggestion is just widely
publishing the fingerprint, such as in an email header.

i agree with him on one level... but on another level it's precisely that
"excessive analness" that makes the WOT so respected. if keysignings were
routinely done in a casual and haphazard way, then the distributed trust
model would quickly fall apart, or at least lose credibility.

i consider the WOT to be a great thing, but maybe it's just not for
everyone... there are certainly groups of users that exist outside of the
WOT and probably have no need for keysigning. there are also people who
can just publish their fingerprint (or just key IDs) prominently and
that's "good enough"....

if someone wants to use pgp without becoming part of the WOT, they can...
which achieves a goal of "setting novice users free from the burden of
understanding certification and trust models".

i don't think phil's comments will have too big an impact on my
key-signing policy, which is still being drafted and may or may not be a
formal (written) policy.


 PGP key -
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

	"Government is not reason, it is not eloquence, it is force;
	 like fire, a troublesome servant and a fearful master. Never
	 for a moment should it be left to irresponsible action."
		-- George Washington
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -


More information about the Gnupg-users mailing list