re: [local] Report on Portland Cpunks meeting
At 11:13 PM 01/23/96, Bruce Baugh wrote:
The nym signing is an idle thought of mine. I have a nym key which is, at the moment, signed only by itself. I know friends of mine have nym accounts. if we could assemble a group of folks whom I can trust enough to link the nym and myself, it'd be nice to add some more signatures to the nym key, and vice versa.
I don't understand--what would signatures on a nym's key be good for? If I sign your key named "Bruce Baugh", I'm basically saying that I feel confident that this key really _does_ belong to Bruce Baugh. Others see my signature, and say "Jonathan, he's a groovy guy, if he feels confident that this belons to Bruce, well, he's probably gotten the fingerprint directly from Bruce in person, and I'm happy to use this key to send mail to Bruce." If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is this for third parties? Since Toxic Avenger is, by intention, _not_ linked to a real person, I'm not saying that I feel confident that this key really belongs to any particular real person. What am I saying?
Jonathan Rochkind said:
At 11:13 PM 01/23/96, Bruce Baugh wrote:
The nym signing is an idle thought of mine. I have a nym key which is, at the moment, signed only by itself. I know friends of mine have nym accounts. if we could assemble a group of folks whom I can trust enough to link the nym and myself, it'd be nice to add some more signatures to the nym key, and vice versa.
If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is this for third parties? Since Toxic Avenger is, by intention, _not_ linked to a real person, I'm not saying that I feel confident that this key really belongs to any particular real person. What am I saying?
That the key belongs to the person(s) assuming the identity of "Toxic Avenger". When someone signs my key, they are saying that they believe that the key belongs to me, a person who has the identity of "Kevin Prigge". Since I am a real person, I can prove that some other entity knows me as Kevin Prigge via some form of identification issued by the state, and I can prove that I control the key. For a 'nym, there is no identification that is issued, which may be the point of having an 'nym. The best that can be said is that the user@someplace posting with a 'nym of "whatever" controls the key, which is all I'd be certifying with my signature on the key. -- Kevin L. Prigge |"Have you ever gotten tired of hearing those UofM Central Computing | ridiculous AT&T commercials claiming credit email: klp@tc.umn.edu | for things that don't even exist yet? 010010011101011001100010| You will." -Emmanuel Goldstein
On Wed, 24 Jan 1996, Jonathan Rochkind wrote:
If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is this for third parties? Since Toxic Avenger is, by intention, _not_ linked to a real person, I'm not saying that I feel confident that this key really belongs to any particular real person. What am I saying?
"Toxic Avenger" may be known to a group of people (ie he may be a member of a terrorist cell). You're claiming that the key belongs to the "legitimate" TA... Jon Lasser ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410)494-3072 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
participants (3)
-
Jon Lasser -
jrochkin@cs.oberlin.edu -
Kevin L Prigge