-----BEGIN PGP SIGNED MESSAGE----- Here is an article that I just posted to alt.security.pgp and sci.crypt. Having had a couple of hours to calm down, it seems a little frenetic, but there is enough truth in it that I will now repost it to cypherpunks. Context: Someone was asking how he could go about verifying the identity of an anonymous interlocutor, so that he could sign his public key. - -----BEGIN PGP SIGNED MESSAGE----- Look, I don't have a lot of time here, but I need to say that this whole "certifying anonymous keys" idea is misled. The fact is, *I* *don't* *care* what your True Name is. I can only think of two reasons why you would need a person's True Name, and I doubt that anybody here can apply either of these reasons to anyone else here. Reason Number Uno, why you might want a person's True Name: Because you want to physically hurt them, or effectively threaten to hurt them. (Or send someone else to do it, like a hit man, policeman, etc.) Reason Number Dos, why you might want a person's True Name: Because you want to have sex with them. (Or as above, if you prefer to do it through proxies...) Okay now does anyone want to do any of the above two things to me? If not then *don't* *worry* about whether my public key is signed by anyone or not. It makes zero difference to you until such a time as one of the above motivations acquires. Zimmermann et al. were/are naive to emphasize the Web of Trust as a means of introducing strangers. With very few exceptions, strangers don't *need* to verify each other's physical identities! This fact is central to some of the more interesting social evolutions that information technology promises to cause. In retrospect, the emphasis in "pgpdoc1.txt" on verifying True Names via mutually trusted introducers will seem quaint. Bryce Announcement: I have had technical difficulties. If you sent me e-mail between Aug 5 and Aug 20 and didn't receive a response, please re-send. signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox@colorado.edu ---* - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDkLf/WZSllhfG25AQFhxwP6AzS0nus2QK8UEF5rvyqhFrwpzeAEE/Vr BwRXJtstk5ln2f3SRh7BSYfda/TQDJe2VRt0qMF1xNCt1VLP+QCyr06LqZ0i/qv0 /CpC85/QRAgpQtrgyFKR6v3Ryi3MbeiUQuEOSgU+OelvZ5XcoRP3o5WDp18N4+Pv 5ddGzIVXQEk= =5rxb - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDk3AfWZSllhfG25AQGQCgQAld0FFtRVZgDKZ1ofok4pK9zAAqlJHCiO A+eLsSolfIvvfpTiE0viJUOuXIywnWzBT50js4LodwsQI4cKSVfnHdYNI4aoyQJf G2P7dy7BaryOj8C74U2gYYq8Lys6Mh/i640KEa77EV4ZEDpLhSi25R+LB58qjvwJ l705Z8I/Bhs= =+xrs -----END PGP SIGNATURE-----