-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 31 January 2014 at 9:24:17 AM, in <mid:20140131092417.6515e1b0@steves-laptop>, Steve Jones wrote: > Well the conventions of use, for example the key > signing party protocol, requires photographic id. If I > publicly sign a key it has to be in line with how I > expect others to interpret it. Policies and notations > on signatures go some way to alleviate that but only if > the tools support it. Surely if others interpret it differently than how you publicly state you mean it, that's their own look-out. > To me, you are just an email address, for > all I know you're a dozen different people spoofing > emails to the list. If all your mails are signed with > the same key then I can at least assume all those > people are working in concert :-) I think all my emails to this list are signed with the same key. (-; > The issue is that the tools around OpenPGP use are > designed around the idea that it's for verifying some > fixed identity, whereas in this case it's continuity of > identity that's more important. You mean it doesn't matter *who* I am as long as I am the same person you corresponded with before? Apart from certain narrow legally-defined situations, that's fairly general in real life as well as online. > If your key had dozens > of signatures at the persona level going back a few > years then I'd have a reasonable belief that you're not > just a brand new identity created for mischievousness If you were that worried, you could check the list archives for signed postings from MFPA. > With notations you get a system of > distributed tagging, where identity becomes a matter of > a collection of attested to attributes. Obviously this > could create a lot of noise so you'd have a limited set > of folks (including ephemeral Internet folks) who's > tags you trust, probably the same people who's > signatures you trust - which is handy. :-) Would they "probably" be the same folks? Or would the people whose signatures you trust be akin to those you would have round for a meal, whereas those whose tags you trust would be more like people with whom you'd go out for a pint? > My mail client, and all the others I've used, is only > interested in whether I, or someone else, has certified > that MFPA is your real name. Any I have used is only interested in whether the key is valid. My local signature makes it valid but gives no clue about whether I know somebody's real name. > Certainly. This BTW is why I think anonymous > cryptocurrency is a daft idea Why do you need to know who the other person was in a Butcoin transaction? > True, "This person is a police officer and would like > to know where you were last night," might lead you to > wanting to see id. It might also lead to a point-blank refusal to enter any discussion. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net Why is the universe here? Well, where else would it be? -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlLxTndXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pOTkEAJCgeer2dfUk73oLg+x4Os9GYfcpkRDHIbAi yysyZcESOpZ9fMfRahVSb6YoZc87WEc2uHJAizsOaMelondTAYHTKV72KsGymd+q wh+ZEuxgIEjYA5VjpQ9jjp/38+eUb/ZkvP3uSoHe9x1s3lHl6sdulcSKkvj1Rctz FoGEaIJ4 =Nbk9 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users