On 06/24/2011 04:25 AM, John Gilmore wrote: > I would go further. I wouldn't even tie the person to some kind > of global identity, government ID, or "verification".
There are many good uses for this, and yes: we should certainly tie the local verification with privately-held identifying information and other forms of memory/identity cues for the freedombox owner. However, if you forgo all public identification, you lose (at least) two rather important things: 0) you lose the ability to learn the identity of someone who you have *not* met in person. The OpenPGP "web of trust" allows people to make generic introductions available to others; this means that I can know (for example) that a message from Bdale is actually from Bdale well before i ever met Bdale. I can do this because several mutual acquaintances have identified each of us with our keys publicly. i (privately) trust enough of those intermediaries to make reasonable certifications (and to *not* make unreasonable certifications) that i can be confident that messages signed by this key actually were signed by Bdale. Note that i might care about Bdale's "government-recognized" name; or i might care about his globally-unique (in some sense) e-mail address; or i might care about both, as far as discerning his identity. But i'm relying on a public certification; not a private "the bdale i like to get drinks with" certification. 1) you lose the ability to effectively re-key after a loss or a compromise. If you've come to know someone solely via their key, and they lose control of that key (either by physical loss or by compromise/exposure), you'll need to actually find them again in person to learn their new key. With a public certification network, there is the possibility for a person to re-identify themselves without having to meet each of their correspondents in person all over again. > The implication for FreedomBox design is that a user's key should be > transmitted WITHOUT further identifying information. Any identifiers > for a received key should be provided by the receiving party. This is going to make freedombox incapable of supplanting proprietary networks. The ability to connect to people you have not yet been able to do an in-person handshake with with is critical to being able to satisfy the social and emotional desires for communication. > Not automatically tying a key to a self-claimed identity, nor a > government-issued identity, nor even a photo, will help freedom > fighters stay free when the government grabs somebody and tries to > find all their collaborators. People can do this with a pseudonym -- there are many pseudonymous OpenPGP user IDs in the existing WoT. But not everyone will use a pseudonym. If you're concerned that a pseudonym might be too identifiable, consider that the key's fingerprint itself is unique and identifiable. Better to lay claim to a persistent identity that allows re-keying. If you want to ditch your pseudonym, that's just as easy as ditching a key (easier, in fact) > [...] > This concept is only a few weeks old; I could've missed some big > reasons not to do it this way. The concepts of local/private associates with keys actually dates back at least to 2005: http://www.skyhunter.com/marcs/petnames/IntroPetNames.html The concept of petnames is a good one, one that we should certainly incorprate into the UI of the freedombox; integrating a mechanism for storing petname info (private names, candid photos, etc) into the bump/hi-five/manusvexo/monkeysign UI (can we please settle on a name?) would be fine (though i don't think it necessarily needs to be in the first draft). And of course, that data would need to get handed off to the freedombox, where it would be integrated in the rest of the UI (e.g. when i'm chatting with Bdale using OTR, it reminds me that this is in fact "the Bdale i met in NYC"). The rest of the UI should also allow the user to update petname info at will (e.g. this is no longer "the bdale i met in NYC", he's now known as "the BDale i launch rockets with"). But Petnames are independent from public certifications. We should definitely *not* throw out possibly-public certifications just because we want to integrate petnames. Regards, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
