Fwd: Re: key question

[Grant Olson]

Doh!  Originally sent off list...  Maybe Robert got a psychic vibe...

On 2/27/2010 2:21 PM, MFPA wrote:
> 
> I don't want such a vote. Whether somebody chooses to include an email
> address in their UID is up to the individual. I have not seen anything
> that convinces me it is better for me to include one.
> 
> 

It sounds like you're using the software to do the opposite thing that
many people do.  I think digital signatures are utilized much more than
encrypted communication.  And digital signatures are about
authenticating to a real person, and not anonymity.

If you don't want to publish your email for the anonymity/privacy
reasons you've outlined, then you probably don't want to use your legal
name either.  And it looks like you don't.  Which is fine for encrypting
documents.  But it renders two key features of digital signatures
meaningless.  Authentication and Non-repudiation go out the window.  How
do I authenticate that an anonymous entity is really an anonymous
entity?  That doesn't make any sense.  How do I get into a dispute with
an anonymous entity about whether he really agreed to do X?  And
although it does prove message integrity, that, in and of itself,
doesn't mean much for an anonymous entity.

So a few examples to elaborate.  I'm going to use MFPA as the anonymous
user who doesn't have a real ID for clarity sake.  It's better than
"anonymous entity".  Just to be clear, I'm not really talking about you
or making any personal attacks in the examples.  You're just the generic
guy with the non-identifiable key.

Farfetched example.  An email from MFPA pops up on the list.  "My house
burnt down.  Lost my key.  Lost my rev certificate.  Here's my new
info."  Five minutes later, another email from MFPA.  "That dude
generated a fake key.  Keep using the old one.  The new one is bad!"  A
third email from MFPA.  "That last dude is lying.  Turns out he stole my
laptop before burning my house down."  Who do we trust?  Which key do we
use?  We have no way of knowing who the real MFPA is, because he was
anonymous to begin with.

How could I sign your key?  It sounds like you don't want anyone to sign
it anyway, plenty of other people want to sign keys and build the web of
trust.  I can't verify your key in any way.  You're anonymous.  There's
no way to prove you're MFPA.  So I can't sign your key.

Lets assume among your circle of friends, who know each other personally
in real life, you sign off on each others keys.  And I somehow know one
of your friends, and we sign each others keys.  To me, it's a
meaningless assertion for someone to claim that they've verified that
you're the real MFPA.  That doesn't mean anything to me because you're
anonymous to me.  It also doesn't mean anything if you've signed off on
someone's key.  What does it mean to me that MFPA vouched for someone
else's identity?  Another meaningless assertion.

I'm not really using OpenPGP encryption at all.  I may never need to
send an encrypted email.  None of my real-life friends, family,
co-workers use it.  Not Cuban, Iranian, or in the Falun Gong.  I use it
for two things, (1) to post on computer geek mailing lists, and (2) to
verify software packages.  For (1), I guess I'm not too concerned about
digital signatures.  The PGP Global Directory is good enough
authentication for me.  For (2), I actually am.  It'd be nice to have
the software packages signed by a validated key.  If people don't use
personally identifying information, the web of trust breaks.  The only
way for me to actually validate a key is to meet with the software
packager personally.

And I think many people fall into that camp.  Authentication is more
important to them than anonymity and encryption.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100227/b1d84497/attachment-0001.pgp>