-----BEGIN PGP SIGNED MESSAGE-----

E. Allen Smith <eallensmith@ocelot.rutgers.edu> wrote:
(> Bryce wrote:)
1. Acceptable digital signature upon the "bet statement" from each bettor. (Note that PGP signatures from PGP key pairs which are not connected to me via the Web of Trust, or which are not verifiable by me via an out-of-band connection, are not acceptable digital signatures. This is because of the MITM attack problem, not because I need True Names to be connected to the signatures.)
IIRC, currently Black Unicorn doesn't have any signatures on his public key of others. Therefore, this requirement, while understandable, could cause a bit of a difficulty in the current situation.
Hm. This is a toughie. For one it would help if Black Unicorn had a "pseudonym keysignature" from someone who had a Web O Trust link to me. This would make me more certain that a hypothetical man in the middle between me and the rest of you wasn't able to impersonate Black Unicorn. Of course, such a MITM could still impersonate Black Unicorn by being between Uni and the rest of us. It would help if Uni made a habit of publishing his true public key via various difficult-to-intercept channels, but of course we can't _know_ whether Uni is doing that or not in any case.

Yeah, it's hard to gain trust in the absence of a Mitch (a.k.a. MITM) between Uni and us. It is feasible, for my purposes, though. We could tie Uni's ostensible pubkey to the Web of Trust. We could assume that Uni is resourceful enough to publish his own pubkey via difficult-to-intercept channels, to check his own pubkey, and to broadcast a warning if any active attack is detected. Then as time passed we could gain trust in the lack of an active attack on that pubkey. Currently neither the first (add key to WoT) nor the second (believe that Uni is actively trying to propagate/check his key) step is working...

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYORSEjbHy8sKZitAQGXkAMAvU13aY2pzagOtSoYSomvO2tYzZBNZzUw
4Ke8a4tprEOP7r+nkXLH0EJgDEG4OSBzj3FmpxJ6OrMnsb/qDo0vXfI/GlIal0/j
J2z+LxOQvoSOMRKvydZUA/8Wc64+gKYH
=x3Nm
-----END PGP SIGNATURE-----