BW> Be that as it may, I still think that Zimmermann assumed that BW> key<->real-life-identity mappings would be the primary purpose for the Web BW> of Trust when he wrote "pgpdoc1.txt". And I think he was wrong about that. BW> It is not "arrogant" or "offensive" to say that someone was wrong when you BW> believe that to be the case. Actually, this is what qualifies as a "wicked problem". Until pgp 1.0 came along, there was no way to know how people would =actually= use a public-key system. (Sure, there were lots of theories, and a few academic experiments, but those don't count as RL.) Phil tried to anticipate the kinds of errors that would be made by people unaccustomed to thinking in terms of attacks and threat models. Face it, the average.net.person is not into game theory. Phil was under severe time pressure to get a workable public key system out the door before the government slammed it shut in his face. Now that we have had an opportunity to observe people using the system, we can identify nuances that could never have been debugged on the test bench. We can explain to people the various paradigms for viewing keys, and the importance of being able to trust the "identity" of an anon.id, which seems oxymoronic on the face of it. Some kind of explanation by analogy seems in order: We all know of movie stars who changed their names for Show Biz, or authors who wrote under pseudonyms. Take Mark Twain for example. A person who had read a Twain book, or had friends (his own WOT) tell him how good/bad Twain books were, would develop his opinion of the man's work. His ultimate decision to (not) buy a particular Twain book has nothing to do with the True Name of Mr. Clemens. Where it =does= come into play is in the realm of law. Had Twain libelled a person, the means to identify the Man behind the Mask would be integral to executing the judgement of the court. And even then, if there were sufficient continuing royalties that could be attatched to satisfy the judgement, it would only be necessary to know the True Name of the publisher. So we must be very careful of what it is that we are certifying when we sign something. This is what needs to be addressed in future versions of PGP. * Free the Wisner Five! * Free the Wisner Five! * Free the Wisner Five! --- * Monster@FAmend.Com *