To: Tom Jennings
?? Huh? I don't understand what you're pointing out. If I send you my
tj>> I am considering becoming and "introducer" for parts of FidoNet. I can't seem to get past the problems of how to assign reliability to public keys I receive over an unsecured email channel to begin with. No other method is practical. << public key -- even if I cc: dockmaster -- what does it matter that the NSA knows my public key (unoless they want to send me msgs, too)? << Not my worry. What I meant was, how do I know htat the keyfile I received from "John Smith @ net address" really is his, and not some faker. Short of physically getting key disks from someone face to face (flatly im-possible here), I don't know. The assurance of course is the social system: if someone sends me a message and keyfile, "here's my file, my name is Eric Hughes", and I distribute it... I can think of no way to prevent this, other than let a social system detect and repair -- "HEY THATS NOT ME!!!" form the 'real' you would raise a flag... and an audit trail at the introducers site (dangerous...!) might help. Anyhoo, that's what I meant. --- RM version 0.-1 (watch out) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG
From: Tom.Jennings@f111.n125.z1.fidonet.org (Tom Jennings)
Not my worry. What I meant was, how do I know htat the keyfile I received from "John Smith @ net address" really is his, and not some faker. Short of physically getting key disks from someone face to face (flatly im-possible here), I don't know.
This is like asking "how do I get a bullet to stop in mid air and launch itself back into the bullet casing in the breech of the gun". You don't. Obviously, the only way to trust a key enough to certify it is to actually get it in person and verify identity. This is often impractical, but so what? If people want to communicate and the only assurance your signature gives them is that you got a copy of the keys by email, they might as well just email each other they keys and live knowing that the messages they are sending are to possibly non-securely identified people. Signed introduced keys should be reserved for times when you can actually add real information by claiming the key is really owned by the person who claims it. This does mean that a lot of the time until people have built up catenative assembleges of keys sufficent to form a "chain of trust" for unknown people that they will simply have to do without certification of the other person's identity. Isn't that the way life usually is, though? Perry
In the future I imagine several companies that seel public keys for individuals. Depending on how much risk of forgery you can tolerate, you just buy an individuals public key from several of these companies. Then they must all collude to fool you. dean
Perry:
This does mean that a lot of the time until people have built up catenative assembleges of keys sufficent to form a "chain of trust" for unknown people that they will simply have to do without certification of the other person's identity. Isn't that the way life usually is, though?
In large part the electronic environment is already pseudonymous. I don't know most Usenet posters personally and never will. I have no need to personally verify their identities; in fact, I don't even want to. But for someone I'm going to deal with over a period of time, I do want to make sure that it's the same person I'm dealing with each time. And if I never happen to meet this person face to face, or need to know anything about this person as a physical being, so be it. All I really care about is persistence, not identity. In the elctronic world, all you have are persistent pseudonyms. Most of them, true, are still linked to physical people, but there is no particular reason why that need continue. I think the changeover point will be this. As soon as there is money flowing through the networks which is tied only to pseudonyms and not to physical people, then you'll see a _lot_ more virtual-only identities. When you can conduct business and get paid for it, there's a big difference. When some of your data has negotiable cash value, you'll see privacy and security get *important*. And most of these identities will have regular sounding names. Handles, a la the underground, are more a mark of social identity than of anonymity. The best camouflage is not to draw attention to yourself. When most of the world is personal, look personal. Who will ever know? Eric
In the elctronic world, all you have are persistent pseudonyms. Most of them, true, are still linked to physical people, but there is no particular reason why that need continue.
Instead of thinking of keys as things belonging to people, we can think of people as things associated with keys. In fact, we just need to shift the focus to be entirely on the keys, and leave the people out of it. e
participants (5)
-
Eric Hollander
-
Eric Hughes
-
pmetzger@shearson.com
-
Tom.Jennings@f111.n125.z1.FIDONET.ORG
-
tribble@xanadu.com