From: an41418@anon.penet.fi (wonderer)

say someone wants to become Wonderer (I mean, it's great being me, who wouldn't want to?), they could forge a message as coming from me and include a public key. [...] The problem I have with public key cryptography is that it is easy for an imposter to publish a public key and get people to believe that it is valid.

As long as no certification agency is involved, a public key only stands for itself. It only weakly associates a key with a name. It does NOT associate a key with a person, or an email address. And this association is not even unique, you could have several names with the same public key, and the same name with several public keys. In other words, the only thing that authenticates the messages is the key itself, the key is now the only significant name. The name is merely a poor mnemonic to the key (more or less). No matter what, any "John Smith" out there has an arguable right to call himself "John Smith". The situation does not improve as communication infrastructures become more global. So, even though you were the first on this list to use the name "wonderer", as long as you don't post a public key for it, somebody else can pre-empt you and claim that name and post a key, and that would not prevent you from posting a key for the same name yourself in the future. (is that confused enough?) The only way to distinguish same names for different keys is if people automatically collect key-name pairs and their mail readers shows key-names as author, not just name (and that's not a reliable or likely way to go. Assuming here there is only email and posting to distribute keys.) You say somebody would forge a mail from your address to "claim" your name... They wouldn't need to: How many of us check your email address in the header when we see "wonderer". We don't remember your email address, just "wonderer". We wouldn't remember your key either, just "wonderer" again. Only a fancy mail reader would tie together all the different messages you posted under the same key. So, does it matter and what can we do? Well as long as the only key propagation mechanisms are email and posting, we can't do much. If you start talking as "Some Name" with or without a posted public key, and somebody else posts one as the same name: - you can counter with a key for "Some Name" yourself. - you can sue if "Some Name" is sufficiently associated with you (first and last name, trademark...), and insufficiently with the other (not his name or less valid trademark), and if the other is in a jurisdiction where you have a recourse. - you can start an online war between the two that essentially will make the name impossible to use for anybody (quasi-universally kill-filed... for a while) - you can claim a Better Name "The One True Some Name", and post your same public key for it. Until he does the same. - you can wait for, or better yet :-), write mail readers or list software that tend to prefer keys and signatures over names and mail addresses. The possibilities for fun, forgery, spoofing, and flaming are endless... Until the list software starts associating keys with names on a first come first serve basis (or by chains of certificates and in-person meetings, as a way to settle disputes). Pierre. pierre@shell.portal.com