-----BEGIN PGP SIGNED MESSAGE----- Hal <hfinney@shell.portal.com> wrote:
Eventually it seems that the MITM becomes enmeshed so deeply in his own lies that he would get caught. If steps like these are taken successfully it should be reasonable to sign a nym's key, with the semantics being that either this is the real key of the sender, or he has a nearly omnipotent MITM surrounding him.
Let's think of ways to foil Mitch: 1. Physical body (a.k.a. "True Name") mapping. 2. The "overload his processors" trick. 3. Sending hashes of future messages. 4. Sending your public key to the Web O Trust via multiple, independent channels. 5. Working an identifier of your public key into conversation so that Mitch can't edit out your public key without changing the whole conversation. (E.g. "I talked to her a number of times equal to the least significant 4 bits of my public key." This is an example which Mitch could easily handle, by replacing "a number ... key" with "3 times", but it gives you the idea.) All of these can involve psychological manuevers, like "informal coding". That is, trying to sneak some information by Mitch that he *should* edit if he knew what he was good for him, but he doesn't realize it. This gets really interesting, trying to communicate something to your actual recipient without letting Mitch realize what you are communicating. The "tell me [something only you would know]" game is a good example of that. I think method 4 is the best method. Method 1 is more reliable, but much more expensive and I have a strong aversion to making it necessary for everyone to publicize their True Name. I don't know if method 5 is even feasible. :-) Of course, there is no reason not to use many different methods simultaneously. Bryce signatures follow "To strive, to seek, to find and not to yield." <a href="http://ugrad-www.cs.colorado.edu/~wilcoxb/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMHoR6/WZSllhfG25AQFgbwP/fTXZTRGdPL1GIzep+0YS9lD/GigW9XHP 8SiF8y+AxmVXeYYE0Jwj7T2MPNE298H1V8ZQQXq6ClLSJjXbvOnCGN35mhu0xR+l MdaCiV2LOpLs8tXVDSkuLfJBcVdJRR7TuyXYTBSdAf2pTn6SOkmMhIKe7z/6fj7h qrRMjCPRL5s= =8QFl -----END PGP SIGNATURE-----