-----BEGIN PGP SIGNED MESSAGE----- This quotes some mail sent directly to me by (probably) an entity calling itself "Jiri Baum". I apologize in advance if said probable entity is offended at my broadcasting his words, but I thought it was a good contribution to cpunks. (Which, cosmos knows, could use some good contributions that aren't just rehashes of the eternal floating "libertarianism" Usenet flamewar/rantfest.) (Hereafter knowns as "the EFLUFR", pronounced "Effluffer".) +---+---- Bryce | | +---+------ Probably an entity calling itself Jiri | | | | v v v v

...

...

...

An entity calling itself Jiri Baum <jirib@sweeney.cs.monash.edu.au> probably wrote: ...

Probably? Didn't I sign it? :-)

Ah, grasshopper... If there was a good path between you and I in the Web of Trust, *then* I would take out the "probably". :-) ...

I guess it depends on whether we are talking about "Jiri Baum wrote" (about which you'd be perfectly right) or "An entity calling itself Jiri Baum wrote". Witness: + there exists an entity which controls the PGP key in question (*) + that entity calls itself "Jiri Baum" (key signature) + that entity wrote the text in question (text signature)

Therefore, an entity calling itself Jiri Baum wrote the text in question. No need for a web of trust - as they say on Star Trek, simple logic will suffice :-)

Well now let's say that an active attacker had supplanted your public key with his own. He is not, really, an entity who calls himself "Jiri". I mean, sure by using a public key which he controls and which has "Jiri" on it he is calling himself "Jiri", but he rarely if ever actually talks to people and says things which those people associate with the name "Jiri". More significantly, he never thinks of *himself* as "Jiri". So in this most fundamental sense he does not "call himself Jiri". *You* are the entity who calls yourself Jiri, and I can only say that you "probably" wrote the above because I'm not sure if you actually control the public key associated with your name. Tim May's solipsistic conflation of appearance and identity notwithstanding. I guess we are just using different semantics for "an entity calling itself". I didn't want to say "an entity whose One True Name is 'Jiri Baum'", because I don't believe in One True Names. I can see how my choice of words was confusing though, since Mitch (the Man In The CHannel) can be seen as "calling itself 'Jiri Baum'". Maybe I'll start saying "An entity who creates the output which we associate with the nym 'Jiri Baum'...", in order to point out that the actual "Jiri" makes this stuff up and Mitch just relays it with perhaps some editing. But then what if Mitch took a more active role, putting words in your mouth and so forth? Maybe I should say "An entity who calls itself 'Jiri Baum' and is more or less unaware of any nym collision regarding that nym...". Yeah, that one seems bulletproof...

True - I guess that's another use - a time-stamping service could sign any page that asks for it. Time to whip up yet another CGI script! (When/if I have the time - this one ain't so simple because it has to get the page off the web.)

Wei Dai <weidai@eskimo.com> and Matthew Richardson <matthew@itconsult.co.uk> have both done this. I suspect that Wei's time-stamping service is not still functional. (A pity. We need redundancy for added assurance.) I myself use Usenet and mailing lists as a sort of poor man's time-stamping service. If I invent an idea or some prose, and I sign it and then broadcast it thusly, I think enough people will keep a record of it having been in existence with my signature on it at this time, that I can later call on them to testify to that effect. Hopefully. Yet another reason to clearsign my output. Okay I will try to find responses to this even if they are buried in the EFLUFR. (All hail GREP!) Regards, Bryce "Toys, Tools and Technologies" the Niche New Signal Consulting -- C++, Java, HTML, Ecash Bryce PGP sig follows  -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMSDPpPWZSllhfG25AQFrUgP+IzidvICvkApSl87b03f4Ebatwcmg05cJ QF3jE7SbmRpcJshE6Cty5Lu3revBeGknRI3VDMoS4n0fCIxjq3D592d5mqOjwN0e QV620Aq2cnJZ3LRknZtaIGNluedkC4iG2xM3VzxIbVVGmmGEbhwEhKNmFEqWr2um SdDPSWvtnhs= =sc0s -----END PGP SIGNATURE-----