J. Michael Diehl wrote: I'm having a philosophical problem regarding when to sign someone else's public key.
It strikes me that while a public key may be properly associated with someone that you know by sight it may more generally be associated with an abstract reputation. Connecting a face to a public key may be less useful than connecting a public key with someone that I recognize by reputation. I don't know Stephen Wolff by sight but I do know him by reputation and have conversed with him by e-mail. If during these conversations we had exchanged public keys, even thru insecure channels, then that would be more reliable than exchanging keys with someone that I met in person who claimed to be Steve Wolff but with whom I did not have time to converse. Steve's reputation with me arose thru a book he wrote. If he had included his private key there it would be better yet. (Public keys had not been invented then.) Having been influenced by Steve's book I would be inclined to accept Steve's opinions in related areas, if they were signed by his private key. I need not know what Steve looks like! In CyberSpace it ultimately seems that the public key supplants ordinary names and all reputations are connected to public keys!
According to Norman Hardy:
J. Michael Diehl wrote: I'm having a philosophical problem regarding when to sign someone else's public key.
It strikes me that while a public key may be properly associated with someone that you know by sight it may more generally be associated with an abstract reputation. Connecting a face to a public key may be less useful than connecting a public key with someone that I recognize by reputation. I don't know Stephen Wolff by sight but I do know him by reputation and have conversed with him by e-mail. If during these conversations we had exchanged public keys, even thru insecure channels, then that would be more reliable than exchanging keys with someone that I met in person who claimed to be Steve Wolff but with whom I did not have time to converse. Steve's reputation with me arose thru a book he wrote. If he had included his private key there it would be better yet. (Public keys had not been invented then.) Having been influenced by Steve's book I would be inclined to accept Steve's opinions in related areas, if they were signed by his private key. I need not know what Steve looks like!
This is a good point, but I believe that eventually, people will want to sign legal documents via pgp and such. So being able to tie a pseudonym to a reputation to a public key to a REAL LIVE PERSON is very important. I think that for many people, your attitude is one they can live with. This is what I was debating when I posted the original question. But for others, your policy may not be secure enough. I'm working on a key-signing policy for myself which I will make available via finger or request.

Laters.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu | But, I was mistaken.        |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!" <Me>                       |
+-----If codes are outlawed, only criminals will have codes.----+
+----Is Big Brother in your phone?  If you don't know, ask me---+