On 07/06/2011 02:43 PM, Tony Godshall wrote:
> Obviously a keysigning "party" is not
> appropriate for people who want to be
> anonymous. But I don't see why, if you've
> verified a claimed identity in some other
> reasonable sense you cannot sign someone's
> key even if it's pseudonymous.

I agree; given the fluidity of names, a persistent pseudonym can have at least as much value in terms of establishing identity as a government-approved "official" name.

> For example, a public activist now living in a
> free country might want to indicate trust of a
> pseudonymous source living under a brutal
> regime,

Standard OpenPGP certifications do *not* indicate "trust". They are assertions of identity and key-ownership. If the repressed source is known only publicly as "fubar127", the non-repressed activist can use OpenPGP certifications to assert that fubar127 does in fact hold key X.

> and this public activist might want to
> convey the existence of such trust to news
> media / bloggers, etc.

Again, the public activist does *not* need to indicate any level of trust here; merely that they believe the individual known as "fubar127" does in fact hold key X.

> without compromising
> the source's true identity.

I'd use the term "official" or "government-issued" identity here, since in the public sphere, "fubar127" is at least as much their "true" identity as any other identity they hold.

> That way the various
> parties could distinguish communiques from
> that source vs. the regime's disinformation
> even if the original public activist is assassinated.

Yep. Again, to be clear, this is about management of public identities, and binding public keys to public identities. It's not about trust.

I think the critical insight here is:

A persistent identity bound to a strong public key is essential to being able to make a stable and lasting contribution to a globally-networked culture. It doesn't matter whether the identity is your "official" identity or not; and it doesn't even necessarily matter what form the cryptographic material takes (a self-signed X.509 certificate or even a raw public key might be sufficient in some cases).

Having good ways that other people can publicly state their belief in your key+identity relationship is a good way to help ensure that your presence on the network will be difficult to remove, obscure, or infiltrate through technical means.

--dkg

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss