Senator, your public key please?
I was running around the hill all morning and I thought I would drop in on Leahy to see what his key signing policies were.

I gave Leahy a buzz to see if I could catch him in person but unfortunately it's a busy day on the hill and he sent me off to Beryl Howell instead. Ms. Howell is Senior Counsel for the minority staff of the Antitrust Subcommittee and handles all of Leahy's encryption gofering. I'd dealt with her on a limited basis once before, and I got a good 10 minutes to discuss some issues before she had to run off elsewhere.

The issues she brought up were interesting.

Firstly, Leahy wasn't advised to issue a public key, it was entirely his idea. No staff suggestion there.

Secondly, the Ethics Committee was very interested in the issue. As of now they have ruled that "exchanging" PGP signatures is an "exchange in kind" and an ethics violation. Ms. Howell expressed exasperation over this lunacy, but put it much this way: "No, you guys don't understand what the issues are here, but I don't have 3 hours to explain it all to you either." Apparently the ethics committee is concerned that a signature from Leahy's key will constitute some sort of endorsement and the "you sign mine and I'll sign yours" looks like influence peddling. Part of the problem was that several politically oriented groups approached Leahy's office and descended like vultures on a carcass, all of them wanting to certify his key.

No signing from Senator's keys for the time being. She said the ethics committee went so far as to prohibit them from soliciting signatures from others as well. Her conservative (and reasonable) interpretation was that she couldn't hand over a fingerprint of the key for signing purposes.

As things stand now Ms. Howell intends to try and educate some of the key Ethics members over the August break and have a decent signing policy after the break itself.

Welcome to the hill.

Those of you who haven't might want to check out the May 2, 1996 version of the Promotion of Commerce on-line in the Digital Era (Pro-Code) bill.

Nice choice snippet:

The current strength of encryption the U.S. government will allow out of the country is so weak that, according to a January 1996 study conducted by world-renowned cryptographers, a pedestrian hacker can crack the codes in a matter of hours. A foreign intelligence agency can crack the current 40-bit codes in seconds.

Also:

"Encryption expert Matt Blaze, in a recent letter to me, noted that current U.S. regulations governing the use and export of encryption are having a "deleterious effect... on our country's ability to develop a reliable and trustworthy information infrastructure."

See: http://www.senate.gov/~leahy/

For some reason http:/www.leahy.senate.gov/ is also listed.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
6:01 PM +0200 5/16/96, Black Unicorn:
> Secondly, the Ethics Committee was very interested in the issue. As of now they have ruled that "exchanging" PGP signatures is an "exchange in kind" and an ethics violation. Ms. Howell expressed exasperation over this lunacy, but put it much this way: "No, you guys don't understand what the issues are here, but I don't have 3 hours to explain it all to you either." Apparently the ethics committee is concerned that a signature from Leahy's key will constitute some sort of endorsement and the "you sign mine and I'll sign yours" looks like influence peddling.
And, in fact, according to the general outlines of the "reputation" schemes advanced hereabouts, they're right: that's why they call it "reputation _capital_," mais oui? There's no reason that webs of trust of well-signed keys couldn't be very fluidly incorporated into patronage networks, for example, or that their incorporation would affect network dynamics in any notable way. One doesn't need to understand political theory or economy in any analytical sense to become part of a patronage network, and one doesn't need to understand cryptography to know what a key is vaguely enough to be swayed by someone waving a "well-signed" key around--in fact, _not_ understanding cryptography will lead people to be wowed by such keys.

Most people don't understand cryptography, and most will continue not to understand it. So in the pristine realm of mathematics, the Ethics Committee may be wrong, but in the real world of sloppy thinking they're basically right. Basically.

If my key was signed _only_ by the CEOs of the top 10 Fortune 500 companies, a few dozen heads of state, bigwig spooks from around the world, the pope and a dozen cardinals, it's not too hard to imagine how I could open a few doors with that key--and make a buck or two in the process.

After all, Uni, what _does_ a signature signify? You were asking some very pointed questions about that quite recently.

Ted
On Sat, 18 May 1996, t byfield wrote:
> 6:01 PM +0200 5/16/96, Black Unicorn:
>
> > Secondly, the Ethics Committee was very interested in the issue. As of now they have ruled that "exchanging" PGP signatures is an "exchange in kind" and an ethics violation. Ms. Howell expressed exasperation over this lunacy, but put it much this way: "No, you guys don't understand what the issues are here, but I don't have 3 hours to explain it all to you either." Apparently the ethics committee is concerned that a signature from Leahy's key will constitute some sort of endorsement and the "you sign mine and I'll sign yours" looks like influence peddling.
>
> And, in fact, according to the general outlines of the "reputation" schemes advanced hereabouts, they're right: that's why they call it "reputation _capital_," mais oui?

Well, this depends on what we assume a signature does.

> There's no reason that webs of trust of well-signed keys couldn't be very fluidly incorporated into patronage networks, for example, or that their incorporation would affect network dynamics in any notable way. One doesn't need to understand political theory or economy in any analytical sense to become part of a patronage network, and one doesn't need to understand cryptography to know what a key is vaguely enough to be swayed by someone waving a "well-signed" key around--in fact, _not_ understanding cryptography will lead people to be wowed by such keys.

I'm not sure I agree with this "mysticism" of key signatures. The Senator can sign an autograph if he likes, why not a key?

> Most people don't understand cryptography, and most will continue not to understand it. So in the pristine realm of mathematics, the Ethics Committee may be wrong, but in the real world of sloppy thinking they're basically right. Basically.

"They are corrected because everyone else is an idiot." Is that about the thrust of your argument? While technically it may have some merit, I think it's highly dangerous to legislate and regulate based on assumptions about what people _may_ think.

> If my key was signed _only_ by the CEOs of the top 10 Fortune 500 companies, a few dozen heads of state, bigwig spooks from around the world, the pope and a dozen cardinals, it's not too hard to imagine how I could open a few doors with that key--and make a buck or two in the process.

This depends on the interpretation of the meaning of signature.

> After all, Uni, what _does_ a signature signify? You were asking some very pointed questions about that quite recently.

Precisely, and in the absence of an answer to this question which is more substantial I think assuming that Senators and CEOs intended to vouch for your financial or character reputation is stretching it a bit. But hey, I'm not on the Ethics Committee.

> Ted
10:16 AM +0200 5/18/96, Black Unicorn: <...>
> Well, this depends on what we assume a signature does. <...> This depends on the interpretation of the meaning of signature.
>
> > After all, Uni, what _does_ a signature signify? You were asking some very pointed questions about that quite recently.
>
> Precisely, and in the absence of an answer to this question which is more substantial I think assuming that Senators and CEOs intended to vouch for your financial or character reputation is stretching it a bit. But hey, I'm not on the Ethics Committee.
Surely you don't conclude from the fact that _you_ think I'm stretching it that most others would think so as well...

My point wasn't that the committee was "right" in any elegant sense but, rather, that their misperceptions are almost certainly indicative of the kinds of misperceptions that will propagate far and wide--and be effective--as public-key encryption becomes more common. Humanity managed to get by for centuries laboring under the delusion that cheese produces worms: the fact that they were wrong doesn't make those centuries of fact go away.

Ted