X-Note: This isn't a Detweiler-flame, it's a mostly technical discussion A While Back, L. Detweiler asked:
Suppose that a real person signed someone else's imaginary identity for a key in a key server, or for their own. Can someone explain to me why this is not dishonest?
I guess the argument will be, the signor is only guaranteeing that some key is associated with some email address. But that seems to me to abuse the whole idea of trust in people. Has anyone asked PRZ what he thinks of the practice of real people signing imaginary identities?
There's a couple of issues here, some of which we haven't beaten to death: - what you're claiming to be the truth by signing the key - can you be sure you're signing a key for the *real* imaginary identity, or whether you're signing a key for somebody *impersonating* the imaginary entity? - if the pseudonym is one of yours, are you giving away its identity (and hence usefulness or safety) by signing it? The purpose of signing keys, in my opinion, is to verify that, if you're using a given key to talk to a given person or entity, does that key really belong to that entity, or is it a key the KGB/NSA/Mafia/Wiretaps-R-Us substituted for the real key. You're not necessarily claiming that the name on the key is the person's Government-Approved True Name, though government ID is one way you could help verify that the person you meet at a conference claiming to be "Tim May" is the real "Tim May" you've been sending email to all these years, and not some NSA guy or Eric Hughes in disguise. The government already supports government-approved fictional people with government-approved names - corporations. The quality of the introduction you're providing to other people may be affected by how well you verify that you're talking to the person you think you are, and by how well you know them, and ought to indicate this. If you're giving away PGP at, say, a trade show or conference or rave, you probably should create a separate public key for doing those signatures, e.g. (1993 Anarchist's Gathering PGP Demo <wcs@foobar.com>) so people know this isn't the usual high quality intro you normally provide. Verifying that you're talking to the right person for a pseudonym is tough. If you're having a conversation by email, it's really hard, unless you and the nym share some private knowledge that the Wiretaps-R-Us folks wouldn't have access to and that isn't on the Usenet CD-ROM collection, which is unlikely unless you know the pseudonym-user personally and are sure they've been using that name. I know a couple of people who use the names "Hobbit" and "Wookie", in real life as well as on the net (though that's probably not what their mothers call them :-), and I'd have no problems signing keys for them as long as the keys indicated *which* Hobbit and Wookie they are. Similarly, I've got a number of relatives who've changed their names (show biz, Anglicizing, personal weirdness, etc.), and I'd have no problems signing keys for them under either their government-approved names, birth names, work-use names, family-use names, or whatever. On the other hand, I'd have real trouble signing keys for Wonderer, Dark Unicorn, or strnlght@netcom.com because I haven't met them personally, and only have the consistency of their email addresses to verify who they are - and I haven't tried checking their articles to know what to look for to check whether an email request claiming to be from one of them looks unforged. If I remember right, none of these people puts a PGP Key ID or fingerprint in their posting signatures, so I don't have that clue available - that would increase my confidence a lot. But I still couldn't be sure. I once got a phone call from someone claiming to be Bob Morris (Sr.), about some computer security problems I was having, who pointed out that I couldn't really verify it was *him* I was talking to. (If I'd called him back, I'd at most know it was someone at his desk or someone hacking the phone system.) If I wanted to sign his key, I'd create a special "Unix Hacker who claimed to be Bob Morris" key to sign it with, if he told me the key words from that conversation, and you could decide how much to trust that introduction. ~~~ There are a couple of of my own nyms I've signed keys for (using other nyms), when I was demonstrating how the signature stuff worked to somebody who uses an anonymous remailer (and had already figured out that I was the person who used one of those nyms due to the anon.penet.fi remailer behavior; I knew his address because he'd included a signature in one of his anonymous postings.) On the other hand, if I really cared about preserving the anonymity of the nym-user, and it was somebody I knew in person, or myself, I probably wouldn't sign it with my real key - it may be relatively obvious that "Bill The Dragon-Basher" whose key was signed by "Bill Stewart" was me, but I'd rather not have to deal with a court subpoena or Mafia equivalent trying to find the users of the keys for "Crypto International, Ltd." or "Coalition Against the U.S. Invasion of Cuba" or "Some Unapproved Religion" or "Bear's Custom Chemicals" or an anonymous Panamanian bank account that's mine. But if the keys are only signed by other nyms, how trustable are they? If I ran a digibank, I'd be real hesitant about accepting changes of address or public-key unless I had some physical verification or other securely shared secret to avoid eavesdropper and interloper attacks, but one of the goals of digital banking is that you're not supposed to need physical transactions. I suppose an initial account set up by sending the bank a message with a Secret and a public key and a bunch of digibucks might do the job, with some cut&choose protocols to decrypt the digibucks if the account is approved? Bill The Dragon-Basher (oops! ^X^C:wq!/exit~.\b\b\b\b\b\b) # Bill Stewart Old address: wcs@anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ # After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart@pleasantonca.ncr.com