T.C. May (tcmay@got.net) writes :
The web of trust may not be transitive, but the "web of taint" may be more so.
New forms of blackballing, blacklisting, redlining, etc.
And I fully expect that who signs one's keys, and whose signatures are found on one's keys, may become a political and legal issue in the coming years.
What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan Nation? Even if he never intended it, this could have some severe PR repercussions.
bryce@digicash.com writes:
For example, there is no reason why the hypothetical racist "Tom Metzger" would sign no black people's keys. A key signature (PGP style) is just an assertion about the identity of someone. Haven't racists engraved markings on people's clothes, buildings, land, bodies and other belongings in order to identify the owners? So why not do the same for keys.
Your local KCA (KKK Certification Authority) could as easily issue a "This key is owned by a Nigger." certificate for a public key as TRW could issue a "This key is owned by a Deadbeat." certificate. Presumably, future versions of PGP and other public-key crypto systems will support free-form certificate generation and not the quasi-fixed-definition signatures currently found in PGP. You can be sure that there will be rallying cries for laws to be passed to ensure the accuracy of statements made in key certificates, that characters are not defamed, that libel is not committed, etc... Lots of the same issues involving any other type of speech and the international and sometimes untraceable nature of the Net. What do you do about a signature on your key, posted anonymously to the net, which names you as one of the Four Horsemen(*tm)? How will current laws relating to credit-rating bureaus and the like be applied to key certificates? Will the MIT key-server be fined for supplying along with public keys any signatures older than 7 years? As the potential value (positive or negative) of certificates on public keys increases, expect the TrueIdentity crowd to suggest that their vision of the future will also help prevent certificate abuse. For key signatures to be useful, the protocols must allow for the attachment and distribution of certificates against the will of the key-holder. In doing so there will always be the possibility of abuse. andrew