Re: Senator, your public key please?
At 8:10 AM 5/18/96, t byfield wrote:
There's no reason that webs of trust of well-signed keys couldn't be very fluidly incorporated into patronage networks, for example, or that their incorporation would affect network dynamics in any notable way. One
Keys, key signings, and webs of trust can be used in all sorts of ways. And I expect the "burrowcrats" will try to regulate the use. Imagine, for example, if I use a "web of trust" to help me decide who's trustworthy enough to negotiate the sale of my house to. Further imagine that I want to see keys signed by Tom Metzger, my buddy from the Aryan Nations. Guess what? No blacks will have their keys signed, and hence I'll have to tell them, "Sorry, you're just not in my web of trust." (Now, this is a hypothetical, meant to show that use of a web of trust can trigger such decisions, and could thus trigger legal challenges.) The web of trust may not be transitive, but the "web of taint" may be more so. New forms of blackballing, blacklisting, redlining, etc. And I fully expect that who signs one's keys, and whose signatures are found on one's keys, may become a political and legal issue in the coming years. What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan Nation? Even if he never intended it, this could have some severe PR repercussions. An exciting new world we're entering. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- The entity calling itself Tim May <tcmay@got.net> is alleged to have written:
Keys, key signings, and webs of trust can be used in all sorts of ways.
And I expect the "burrowcrats" will try to regulate the use.
Imagine, for example, if I use a "web of trust" to help me decide who's trustworthy enough to negotiate the sale of my house to.
Further imagine that I want to see keys signed by Tom Metzger, my buddy from the Aryan Nations. Guess what? No blacks will have their keys signed, and hence I'll have to tell them, "Sorry, you're just not in my web of trust."
(Now, this is a hypothetical, meant to show that use of a web of trust can trigger such decisions, and could thus trigger legal challenges.)
The web of trust may not be transitive, but the "web of taint" may be more so.
New forms of blackballing, blacklisting, redlining, etc.
And I fully expect that who signs one's keys, and whose signatures are found on one's keys, may become a political and legal issue in the coming years.
What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan Nation? Even if he never intended it, this could have some severe PR repercussions.
An exciting new world we're entering.
All of these are products of misconceptions between using the WoT to certify identities, versus using it to certify how much you trust a person to certify someone else's identify, versus using it to certify arbitrary other qualities about a person. For example, there is no reason why the hypothetical racist "Tom Metzger" would sign no black people's keys. A key signature (PGP style) is just an assertion about the identity of someone. Haven't racists engraved markings on people's clothes, buildings, land, bodies and other belongings in order to identify the owners? So why not do the same for keys. This is illustrative of how much confusion reigns about keys, certs, nyms, signatures and cetera right now. I hope that TCMay is pointing out how _most_ people lack a proper understanding of the differences, rather than reflecting his own lack of understanding. Phil Zimmermann was confused about this, I think, when he wrote "Trust is not transitive.". Some kinds of trust _are_ transitive (with a coefficient, of course). Hm. I wonder if there are kinds of trust whose transitivity coefficient is 1? Regards, Bryce #include <stddisclaimer.h> /* I don't speak for anyone but myself. */ - -----BEGIN GOODTIMES VIRUS INNOCULATION----- Copy me into your .sig for added protection! - ----- END GOODTIMES VIRUS INNOCULATION----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: http://www.c2.net/~bryce/ -- 'BAP' Easy-PGP v1.1b2 iQB1AwUBMZ41LkjbHy8sKZitAQHvRwL/Qakezx7VlPRahLnHx/7vuK56pLOScjeH uxF7fX7mXRHKThcnM4fcU/nJ4I6xGNjvYi8RZpSTnhIzUUEiBrDPKE6M1lcqbynC 1H8/L50tGljPyBsJFfIvdHQ3vGKKUtwH =iG/i -----END PGP SIGNATURE-----
T.C. May (tcmay@got.net) writes :
The web of trust may not be transitive, but the "web of taint" may be more so.
New forms of blackballing, blacklisting, redlining, etc.
And I fully expect that who signs one's keys, and whose signatures are found on one's keys, may become a political and legal issue in the coming years.
What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan Nation? Even if he never intended it, this could have some severe PR repercussions.
bryce@digicash.com writes:
For example, there is no reason why the hypothetical racist "Tom Metzger" would sign no black people's keys. A key signature (PGP style) is just an assertion about the identity of someone. Haven't racists engraved markings on people's clothes, buildings, land, bodies and other belongings in order to identify the owners? So why not do the same for keys.
Your local KCA (KKK Certification Authority) could as easily issue a "This key is owned by a Nigger." certificate for a public key as TRW could issue a "This key is owned by a Deadbeat." certificate. Presumably, future versions of PGP and other public-key crypto systems will support free-form certificate generation and not the quasi-fixed-definition signatures currently found in PGP. You can be sure that there will be rallying cries for laws to be passed to ensure the accuracy of statements made in key certificates, that characters are not defamed, that libel is not committed, etc... Lots of the same issues involving any other type of speech and the international and sometimes untraceable nature of the Net. What do you do about a signature on your key, posted anonymously to the net, which names you as one of the Four Horsemen(*tm)? How will current laws relating to credit-rating bureaus and the like be applied to key certificates? Will the MIT key-server be fined for supplying along with public keys any signatures older than 7 years? As the potential value (positive or negative) of certificates on public keys increases, expect the TrueIdentity crowd to suggest that their vision of the future will also help prevent certificate abuse. For key signatures to be useful, the protocols must allow for the attachment and distribution of certificates against the will of the key-holder. In doing so there will always be the possibility of abuse. andrew
-----BEGIN PGP SIGNED MESSAGE----- The entity knows as Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> probably wrote:
You can be sure that there will be rallying cries for laws to be passed to ensure the accuracy of statements made in key certificates, that characters are not defamed, that libel is not committed, etc... Lots of the same issues involving any other type of speech and the international and sometimes untraceable nature of the Net. What do you do about a signature on your key, posted anonymously to the net, which names you as one of the Four Horsemen(*tm)?
Hey, does that little symbol stand for "Timothy May-mark"? I didn't know he had started laying claim to memes that he helped propagate... But back to the actual subject, I can't imagine that an _anonymous signature_ will have any credence at all. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMaF7g0jbHy8sKZitAQFZUwL/dq4oX/MXqvJFp/VGv5hIOpbawnz8oSnA Vv5lIKperoZXg39ukzRjLRqzuursIlzeI23/aXSLRFKKZtVU/XFTeuZTor282aqB n49lduz070amEZFLCwXCO3iSksk0Y3wv =TGjr -----END PGP SIGNATURE-----
participants (3)
-
Andrew Loewenstern -
bryce@digicash.com -
tcmay@got.net