-----BEGIN PGP SIGNED MESSAGE----- patl> Zimmermann clearly understood all of this, but I don't think he patl> documented it properly. In my opinion, everyone should always patl> think in terms of man-in-the-middle attacks when signing a public patl> key. Mandating "True Names" is just an overconservative approach patl> suitable for people who don't fully understand the issue. wilcoxb> My point exactly. My post "Stop Fixating on True Names" was wilcoxb> an attempt to clarify things to said people. patl> Then you didn't clarify very well; to wit: wilcoxb> Okay now does anyone want to do any of the above two things wilcoxb> to me? If not then *don't* *worry* about whether my public wilcoxb> key is signed by anyone or not. It makes zero difference to wilcoxb> you until such a time as one of the above motivations wilcoxb> acquires. You are quite right that this paragraph was unclear. I meant "don't worry about whether my public key is signed where signing means certifying the mapping between my key and my physical identity.", not "don't worry about whether my public key is signed where signing means certifying the mapping between my key and a perceived identity of mine.". It is unfortunate that a PGP key-signature has such ambiguous semantics, but again it is my fault for being unclear above. wilcoxb> Zimmermann et al. were/are naive to emphasize the Web of wilcoxb> Trust as a means of introducing strangers. patl> The first paragraph clarifies nothing because it is dead wrong; the patl> second because it is arrogant, offensive, and dead wrong. Pshaw. I think it's funny when people gasp in horror if you say something disrespectful of Saint Phil. Here, I'll say it again: Zimmermann was naive to emphasize the Web of Trust as only legitimate for public key<->Real-Life-identity mappings. In the future such mappings will be rare, while the Web of Trust will be used extensively for public key<->virtual-identity mappings. (The alert observer will notice that I changed some things between the first and second invocations of the Disrespectful Assertion. This is because when I wrote the first version I was still confused about the ambiguity between "Web of Trust as set of key<->Real-Life-identity mappings" and "Web of Trust as set of key<->identity mappings".) patl> Given that active attacks are hard to explain and understand fully, I'll say! I'm having a very hard time understanding all of this clearly. patl> the PGP docs are correct to advocate a conservative approach to patl> signing keys. Novices *should* be taught to take the Web of Trust patl> seriously. (Yes, I am retracting my own statements quoted above; the patl> more I think about it, the more I think it is very hard to teach a patl> novice the details of active attacks.) Be that as it may, I still think that Zimmermann assumed that key<->real-life-identity mappings would be the primary purpose for the Web of Trust when he wrote "pgpdoc1.txt". And I think he was wrong about that. It is not "arrogant" or "offensive" to say that someone was wrong when you believe that to be the case. patl> Moreover, I suspect that active attacks are more likely today than patl> when those docs were written, which makes their advice precisely the patl> opposite of an "anachronism". Furthermore, Phil's advice to only sign keys which you have physically verified actually makes it easier for an attacker to get In-The-Middle-Of you and me. This is because there is no Web of physically-verified keysigs between you and me. If Phil had recommended treating public keys as being equivalent to net.personas, and verifying them as such, (or better yet, had provided a certificate mechanism to do so in *addition* to the current certificates) then there would be a Web of non-physically-verified keys between you and me, which would be much harder for an attacker to subvert. Since you and I do not share any such Web, we are not any better off than if we were using symmetric-key cryptography, as far as privacy goes! (Authentication is of course another matter.) Ah, the irony. By insisting on maximally-strong links between each node in the Web, you generate a much weaker Web than if you allowed weaker individual links in greater quantity. Thank you for your correspondance, Patrick and others. I look forward to more constructive interaction. Bryce signatures follow: + public key on keyservers /. island Life in a chaos sea or via finger 0x617c6db9 / bryce.wilcox@colorado.edu ---* -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDq0kfWZSllhfG25AQERJAQAglcIqszrEeWmrbL1E/SxpdRK+3B8zKC9 g7H6fd6T6D8BnYv6u4wmlU+F8fyFT0V6cVa5BZ6Defmc6phvYD9wKyleuaYjRaOP tVd8tITqpoIkmpK1+skCiV5CUl5eseKQJUlUa2LX4J8Lh9J6t9ZRm6p72ocJ88JL hnOknxRHz/M= =Pes4 -----END PGP SIGNATURE-----