On Sat, 21 Jul 2012 10:12:37 -0700 (PDT), Jonathan Wilkes wrote:
The whole point of key-signing is that you're verifying that you do know the providence of the data signed or encrypted by that key. Anonymity is the opposite of that. If you want anonymity, then you don't want public key encryption. They are not compatible.
Did you mean to say, "if you want anonymity, then you don't want key signing"?
Probably. Given how researchers could uniquely re-identify a third of nameless Twitter and Flickr users based on the social graph alone [0], you might either want to avoid key signing or avoid any overlapping (reference) social interaction. Also, how'd we get back to "web-of-trust" vs. "web-of-verified-identity" again? Given all the different social understandings of the issues in different contexts, the relevant interpretation seems User * Context based (e.g., 5 users * 6 contexts = 30 interpretations). As Jonas mentioned, social standards can offer direction but the choice and interpretation still seems based, ultimately, on the user and signing statement. /me lights up the dkg signal 0: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006 _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE