An entity calling itself "James A. Donald" <jamesd@echeque.com> allegedly wrote:

> Web of trust is a mess because it attempts to link keys to physical people, which in general cannot be done.

*******************************

Do you wish to substantiate this rather brazen assertion? I am very sure that PGP public key 0xCC56B2E9 belongs to my housemate Sebastian Kuzminsky <kuzminsk@colorado.edu>. Is there some reason why I should doubt this belief?

Furthermore my mother <rwilcox@mesa5.mesa.colorado.edu> <0x5E93210D> is very sure that PGP public key 0x617c6db9 belongs to me, and she is very sure that I am a trustworthy introducer of keys. Is there some reason why she should abstain from associating Seb's key <0xCC56B2E9> in her mind with my housemate?
> If we stick to a lesser goal -- constancy of identity -- this is not so hard. In general it is impossible to prove that Bryce is the "real" Bryce, but it is trivial to prove that Bryce is the same Bryce who has a certain Web page, and the same Bryce who posted a certain article in archives.
But if I am the victim of a successful active attack then you are *not* certain that I am the same Bryce. The Bryce who posted a certain article in the archives might be completely different from (and antagonistic toward!) the Bryce who later contacts you in e-mail using the same public key. Do you see why?
> We should blow off this attempt to do the impossible.
It is far from impossible. In fact, it is easy if we pay attention and cooperate.

Note that I am in complete agreement with you about the (non-) value of "True" identities. In the above example I do not expect you to care which Bryce is the "real" Bryce, but I *do* expect you to care that the two Bryces are different.

In short, the Web O Trust is important to maintain constancy of identity. It is not trivial, but neither is it impossible, to do so.

Regards,

Bryce, a unique and autonomous entity

signatures follow

"To strive, to seek, to find and not to yield." -Tennyson
<a href="http://www.c2.org/~bryce/Niche.html"> bryce@colorado.edu </a>
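The introducer reasoning in the message above, as an added example that is not part of the original post and is not PGP's own code. It generalizes to full and marginal introducers with thresholds modelled on PGP 2.6 defaults; the certifications listed and the `0xDEADBEEF` substitute key are assumptions constructed for illustration.

```python
# Added illustration: a model of PGP-style key validity, not PGP's implementation.
ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"

def valid_keys(owner_trust, certs, completes_needed=1, marginals_needed=2):
    """Return the key IDs a keyring owner should treat as valid.

    owner_trust: key ID -> how far its holder is trusted as an introducer.
    certs: set of (signer key ID, certified key ID) pairs.
    A key is valid if it is the owner's own (ULTIMATE) or if enough
    already-valid introducer keys have certified it. The thresholds are
    assumptions modelled on PGP 2.6 defaults.
    """
    valid = {k for k, t in owner_trust.items() if t == ULTIMATE}
    changed = True
    while changed:  # repeat until no new key becomes valid
        changed = False
        for key in {signed for _, signed in certs} - valid:
            # Only certifications made by keys that are themselves valid count.
            signers = {s for s, signed in certs if signed == key and s in valid}
            full = sum(owner_trust.get(s, NONE) in (ULTIMATE, FULL) for s in signers)
            marginal = sum(owner_trust.get(s, NONE) == MARGINAL for s in signers)
            if full >= completes_needed or marginal >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

# Key IDs quoted in the message.
MOTHER, BRYCE, SEB = "0x5E93210D", "0x617c6db9", "0xCC56B2E9"
# Constructed: a key an active attacker presents in place of Seb's.
SUBSTITUTE = "0xDEADBEEF"

# Assumed certifications: the mother signed Bryce's key, Bryce signed Seb's,
# and the substitute key carries only its own self-signature.
CERTS = {(MOTHER, BRYCE), (BRYCE, SEB), (SUBSTITUTE, SUBSTITUTE)}

def mothers_view(bryce_trust=FULL):
    """Keys the mother accepts, given how much she trusts Bryce as an introducer."""
    return valid_keys({MOTHER: ULTIMATE, BRYCE: bryce_trust}, CERTS)

if __name__ == "__main__":
    print(sorted(mothers_view()))           # Seb's key accepted via Bryce
    print(sorted(mothers_view(MARGINAL)))   # one marginal introducer is not enough
```

The substitute key never becomes valid because no valid introducer has certified it, however consistently it is used to sign later messages.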