-----BEGIN PGP SIGNED MESSAGE-----
Key signatures exist for one reason and one reason only: To thwart man-in-the-middle attacks. Whether your "persistent persona" is a True Name (tm) or a pseudonym is irrelevant.
<snip>
Zimmermann clearly understood all of this, but I don't think he documented it properly. In my opinion, everyone should always think in terms of man-in-the-middle attacks when signing a public key. Mandating "True Names" is just an overconservative approach suitable for people who don't fully understand the issue.
My point exactly. My post "Stop Fixating on True Names" was an attempt to clarify things to said people. Look at it this way: leaving aside the fact that a Man-In-The-Middle has to do a little more fast footwork than a normal old eavesdropper does, public key cryptography does not actually give you *any* advantage over symmetric-key cryptography except for this one fact: You can ask George what Alice's public key is, but you can't ask him what her-and-your shared (symmetric) secret key is! - From this perspective, the Web of Trust is the soul of public-key cryptography. From the other perspective ("Never ever sign a key which you got off of a bulletin board!" warns "pgpdoc1.txt") it is a cute anachronism. By the way, you mentioned "people who don't fully understand the issue"-- a brief survey of e-mail and posts I have seen on this subject indicates to me that even knowledgeable people like the cypherpunks are about evenly split on whether they appreciate this concept or not. [note: I've been cc:'ing messages to c'punks accidentally after I upgraded to mh. My apologies. At least they weren't completely without relevance...] Bryce Announcement: I have had technical difficulties. If you sent me e-mail between Aug 5 and Aug 20 and didn't receive a response, please re-send. signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox@colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDpBPfWZSllhfG25AQFvuAP/a6vSu4OgkDAXTRWif46/chb1+Owo2TBx YEWSzp4PRYTL1ZwrC1eOtx37miGUzvsGooXOEPfEpC4oW3f0Jg6BHanXabhegJyb t09m8IlaeD38IKATnzcC7VeeU0sWuWUea1vFJw28oZv0VOgGSeeFcYE4DA/oOtRD oqTFfG+GM7w= =LFIz -----END PGP SIGNATURE-----