-----BEGIN PGP SIGNED MESSAGE----- I don't see what you mean by key servers for only true names. How do you know that a true name isn't just a false identity created with a real account on some system? How do you differentiate a true name from a unix account? Wonderer -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLOeQFx1kTJuroDD9AQFxbQH/f7Y4uj4xn2eeWFoTmu8Aahp2FxG+7ShV uAvvRpUWkE2Ay9MdB4lKCSjNv5cO92DwbcWRoZgbI7hPJGAe7za37A== =IBrC -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
I don't see what you mean by key servers for only true names. How do you know that a true name isn't just a false identity created with a real account on some system? How do you differentiate a true name from a unix account?
The whole concept of a true name is a fantasy. A persons name is neither unique nor unchanging. My passport reads "Brad Huntting", but if tomorrow I decide I want to be called "@*!" (pronounced "crash boom bang") instead, then that's my name. Even today I go by many written names: Brad Brad Huntting Bradley E Huntting Brad E Huntting Bradley Enoch Huntting beh huntting Enoch (mabey not) That's case insensitive and doesn't include the hundreds or thousands of e-mail addresses which mean me. The point is, a name is a handle. It doesn't need to be unique or static, all it needs to do is refer to someone or something in a reasonably unambiguous way. Besides, if I understand your idea of what a "true name" is (the name your parents or your government have assigned to you), then the whole idea of having a "true names" pgp key server is outrageously bigoted, since the vast majority of people cant write their "true name" in ascii. brad
Wonderer> == wonderer <an41418@anon.penet.fi> Wonderer> I don't see what you mean by key servers for only true names. Wonderer> How do you know that a true name isn't just a false identity Wonderer> created with a real account on some system? How do you Wonderer> differentiate a true name from a unix account? You can't. As has already been pointed out on the list, the key servers have nothing to do with binding keys to humans (or other entities, presumably :-). Only a trusted (by you) key signature can do that; the key servers merely serve as a way to distribute the keys. The way to "certify" a key as belonging to a True Name is (again, as has already been pointed out) to have a signing key that goes along with some policy. That gives keys signed by that key some level of trust, depending of course on how stringent the policy and how much you trust the signer not to be fooled (or malicious). If someone wishes to only deal with cyberspacial entities that have Certified True Names, then that someone can easily take steps to do so. (And if that someone decides that I'm simply a "brand new Tentacle" or whatever, that's not my problem; I'm easy enough to verify as a human, if it's that big a deal...) -- Christopher Davis * <ckd@kei.com> * (was <ckd@eff.org>) * MIME * RIPEM * [CKD1] This netnews posting is presented in the original 80-column aspect ratio. The black bars bordering the headers and .signature are normal for this format.
participants (3)
-
an41418@anon.penet.fi -
Brad Huntting -
Christopher Davis