
At 12:47 AM 9/11/98 -0700, Vladimir Z. Nuri wrote:
> wow, a new site called sixdegrees.com, in which everyone registers and reveals who their friends are. the privacy implications are really incredible. yet supposedly close to 1 million people joined, with 900,000 of them connected!!

We've got a somewhat related Cypherpunks problem, which is PGP key signatures. The traditional software likes chains of less than 4 deep, yet the last time I checked the key servers, there were chains as deep as 12-14, and most people seemed to be at least 6 signatures away from Phil Zimmermann or Derek Atkins, who were the centers of the list at the time. (On the other hand, I suppose a lot of signatures between Joe Cypherpunk, Ivan Cypherpunk, T0T0M0nger, etc. could improve the averages :-)

The PGP Web of Trust key management tools have the difficulty that they don't make it easy to decide which signatures on your key to export when giving someone a key to sign or distributing a key to a key server. You can manage this somewhat by creating different name/key pairs for different uses, with your Phil Zimmermann, Respected Entrepreneur key signed by venture capitalists and your Phil Zimmermann, Anti-Nuclear Activist signed by your fellow activists, and trying to make sure that people who attend meetings at the bank building where you have your office digitally sign in with their Respectable Software Developer or Free Speech Activist personas, and not with their Buddhist Temple Assault Rifle Shooting Club personas that seem to overlap with the Respected Entrepreneur web....

I'm not sure how solvable a problem this is - there are some parts that are easier to solve, like

- storing secret keyrings entirely in encrypted form
  This could be done using a disk encryptor instead, or could be done using an additional passphrase to unlock the keyring before determining whether the specific key you want is on it; both are annoying. The threat is the attack currently being used against T0T0, whose secret keyring had a key for a persona that signed a supposedly incriminating message. In his case, it was probably just ranting or humor, but there are some PGP users who really _are_ trying to overthrow their governments.

- and friendlier GUI tools (e.g. the current PGPkeys lets you add and delete signatures from a key in the keyring, but doesn't let you decide which ones to export except by deleting them (or by exporting to a separate keyring and using the GUI on that keyring, which is awkward.)

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
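
The trade-off described in the message above, between chain depth and choosing which signatures to export, sketched as an added example that is not part of the original post. The signature graph, the key names, the "circle" labels and the limit of 4 are constructed assumptions; no real keyring or PGP tool is involved.

```python
from collections import deque

# Constructed sample data: (signer, signed_key, circle) certification edges.
# Names and circles are illustrative only, not taken from any key server.
SIGS = [
    ("root", "alice", "work"),
    ("alice", "bob", "work"),
    ("bob", "carol", "work"),
    ("carol", "dave", "activist"),
    ("dave", "erin", "activist"),
    ("erin", "target", "activist"),
    ("bob", "target", "club"),
    ("vc1", "target", "work"),
]

def chain_depth(sigs, root, key):
    """Fewest signatures linking root to key (BFS), or None if unreachable."""
    signed_by = {}
    for signer, signee, _circle in sigs:
        signed_by.setdefault(signer, []).append(signee)
    seen, queue = {root}, deque([(root, 0)])
    while queue:
        node, depth = queue.popleft()
        if node == key:
            return depth
        for nxt in signed_by.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    return None

def within_limit(sigs, root, key, limit=4):
    """True if a chain shorter than `limit` exists (limit is an assumed setting)."""
    depth = chain_depth(sigs, root, key)
    return depth is not None and depth < limit

def export_view(sigs, key, circles):
    """What a recipient sees if only signatures on `key` from `circles` are exported."""
    return [s for s in sigs if s[1] != key or s[2] in circles]

if __name__ == "__main__":
    for circles in ({"work", "activist", "club"}, {"activist"}, {"work"}):
        view = export_view(SIGS, "target", circles)
        print(sorted(circles), chain_depth(view, "root", "target"),
              within_limit(view, "root", "target"))
```

With every signature exported the shortest chain is 3; exporting only the "activist" signatures hides the other circles but stretches the chain to 6, and exporting only "work" leaves no chain from the root at all.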