gpg for pseudonymous users

Stan Tobias sttob at mailshack.com
Sun Apr 14 17:53:17 CEST 2013 

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 04/07/2013 04:06 AM, Stan Tobias wrote:
>
> > I'd be willing, too, to sign the Enemy's key, as long as its UID says
> > "Enemy" and not "Friend".
[...]
> If you want to make a statement about whether someone is your enemy or
> your friend, an OpenPGP identity certification might not be the right
> way to do it.

That was just a figure of speech on my part, to express that I wouldn't
have a problem signing anybody's key whatsoever, as long as I'm sure
the UID truthfully describes them.  Any doubt is a reason not to sign.

[...]
> I think we're talking about pseudonyms, not "anonymous identities".
>
> You seem to think that names of the form "Stan Tobias" and "Daniel Kahn
> Gillmor" and "Werner Koch" are somehow more "real" names than
> "adrelanos".  

Not really.  I wouldn't have a problem signing Lady Gaga's key, although
it's probably not what reads in her passport.  It's a pseudonym, but
she's known by that.  In fact, I don't distinguish between pseudonyms
and legal names - for me they're all names; what matters is whether someone
is known by that name.

Actually, it's about more than just being known by a name.  Our public
names are not quite our own choice.  "Lady Gaga" is an invented name,
but it will stick to her for a long time.  "Artist Formerly known as
Prince" or whatever shape he now wants to to be identified by, is still
recognized by his old name "Prince", whether he or his editors like
it or not.  If your group calls you by a nickname, it's often next
to impossible to have it changed.  You may change your legal name,
but it's not without many consequences for you.  A name becomes your
name when people call you by that name.  It's the society that keeps our
names stable.  Therefore public names can be considered good identifiers
(how good is another discussion).

In case of anonymous entities, like "adrelanos", I don't mean to say
they have no reason to protect their "brand" names: they might have
an ambition, a moral inclination etc.  But I don't see any *external*
mechanism that would glue the name to the identity.  The person behind
"adrelanos" may stop using this name when he merely gets bored, without
any consequences for himself.  Just because he can.  For this very reason
I don't consider an anonymous name a good identifier.  Just as the colour
of the tie you're wearing today doesn't identify you well.


> You also seem to think that people's identities are
> immutable over time.  

Yes, that's my understanding:
http://en.wikipedia.org/wiki/Personal_identity_%28philosophy%29


[...]
> However, I am unwilling to constrain my
> beliefs about identity to only cover government statements.  Some people
> have deeply-held identities that their government refuses to certify,
> and some governments are quite willing to issue fraudulent identity
> papers under a variety of circumstances.  So i prefer to reserve the
> right to use my own judgement, and to be able to rely on other
> information besides government endorsement as well.

I'm happy to say I absolutely agree.

> In response to adrelanos'
> question, I tried to give an example of what sort of
> non-government-issued evidence a cautious and open-minded individual
> might consider.  What evidence are you willing to consider to establish
> belief in someone's identity?

That's a really difficult question, and I'm afraid I don't have an
"always works" answer.  I think asking a few people is better than
checking a document.

Another issue is what we use as identifiers.  I've always felt a key uid
was very small and limited in information.  In my perfect world the uid
would be... but that's another discussion.

Regards, Stan Tobias.

More information about the Gnupg-users mailing list