At 04:54 PM 6/10/03 +0100, [EMAIL PROTECTED] wrote:
>> From: David Honig
>> Why not publish your key under a bogus name that goes no-where?
>
>The answer is simple. I cannot publish a PGP under a false name, because if
>I did, who would sign it to attest that the genuinely did belong to the
>person to whom it claimed to belong? Would you?

I don't know you. Why should I trust your signing of someone else's key? If I know a mutual acquaintance, no need for "web of trust".

If some *random* person is writing to you, why do you, or they, care who signed your key? It merely provides confidentiality to the key-holders. It does *NOT* link your meatspace entity to your email address.

You might have separate keys (and separate emails) for each identity you maintain. None of which need be linked to your meatspace "true name".

In fact, you could have different identities of yours sign your other keys, and the gullible would believe them (you)! The eBay equivalent is having one 'identity' give positive feedback about another 'identity', fooling those who assume they are different physical-entities.

>If we allow this, then the entire web-of-trust disintegrates.

There *is no web of trust* unless you know the signers. In which case you may as well have them forward keys manually.

>I have seen very little discussion of this point, anywhere.

The cypherpunks archives have discussion on the invalidity of a "web of trust" signed by unknown (or corruptible) entities.

>The few replies
>I have had to my original question suggest that there simply _is_ no
>solution, except live with it. Either don't publish your key (which means
>that no-one can find your key even if they have a priori knowledge of your
>email address),

You email your key to those who justify the request. In plaintext, or on the phone. What is the problem with that?

Don't assume that the "web of trust" has anything to do with trust, just because it (ab)uses that word. Think about collusions of signers. Think about multiple identities. Remember that the Govt issues false "real-world" IDs when it is convenient for them to do so.

DH
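The point made in the message above, as an added example that is not part of the original post: counting signatures on a key says nothing, while checking whether a certification chain starts at a signer the verifier personally knows does. The identity names, the certification list and the bounded-chain rule are constructed assumptions, a simplification of how PGP implementations compute key validity.

```python
from collections import deque

# Constructed sample data: (signer, signed_key) certifications as they might
# appear on a keyserver. The "mallory-*" identities are assumed to belong to
# one person who cross-signs their own keys.
CERTS = [
    ("alice", "bob"),
    ("bob", "carol"),
    ("mallory-1", "mallory-2"),
    ("mallory-2", "mallory-3"),
    ("mallory-3", "mallory-1"),
    ("mallory-1", "mallory-3"),
    ("mallory-2", "mallory-1"),
]


def signature_count(certs, key):
    """Naive metric: number of distinct identities that signed `key`."""
    return len({signer for signer, signed in certs if signed == key})


def valid_keys(certs, known_signers, max_depth=1):
    """Keys reachable by certification chains that begin at a signer the
    verifier personally knows. `max_depth` bounds the chain length; every
    key on the chain is treated as an introducer (simplifying assumption)."""
    signed_by = {}
    for signer, signed in certs:
        signed_by.setdefault(signer, set()).add(signed)

    valid = set(known_signers)
    frontier = deque((signer, 0) for signer in known_signers)
    while frontier:
        signer, depth = frontier.popleft()
        if depth == max_depth:
            continue
        for key in signed_by.get(signer, ()):
            if key not in valid:
                valid.add(key)
                frontier.append((key, depth + 1))
    return valid


if __name__ == "__main__":
    for key in ("bob", "mallory-1"):
        anchored = key in valid_keys(CERTS, {"alice"}, max_depth=2)
        print(f"{key}: {signature_count(CERTS, key)} signature(s), "
              f"anchored to a known signer: {anchored}")
```

The cross-signed cluster carries more signatures than `bob` does, yet no chain length makes it valid for a verifier who knows only `alice`.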