On Sun, Sep 11, 2011 at 7:09 AM, Jon Callas <j...@callas.org> wrote: > PGP is of course the most notorious consensus system. There's a lot of good > things about it. It's very resilient in the face of unreliable authorities > (think Nasrudin). A number of proposals on how to fix the SSL problem adopt > a quasi-PGP system. I will flatter myself by assuming I don't need to > describe how it works. > There are a number of problems with the consensus approach, though. They > include: > * It's pseudonym-surly. If you want to use a pseudonym, you have to get it > certified by people whom you tell your pseudonym to, which kinda defeats the > point of having a pseudonym. All the many years I worked on PGP, I worried > that I was going to wake up one day and discover that I completed the > panopticon that Jeremy Bentham started.
This is only true for the weird subset of people who think PGP keys have something to do with meatspace identities. If you want me to sign your pseudonymous PGP key, then you have to convince me you're the wielder of that pseudonym. Showing up in the flesh and giving me your driving licence is not going to achieve that. Instead, all you have to reveal is things the pseudonym already knows, and I already know the 'nym already knows. That is, nothing identifying (or any more identifying than you already are). _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
