On Mon, Sep 17, 2001 at 09:39:51AM +0000, Redvers Davies wrote:
> > Do you see the problem now?
> You just illustrated what I said :) Which I guess means we probably agree.
Actually, I didn't, but whatever. :-) What I actually illustrated was why
the email is just as important as the name, which you disputed originally.
> I'm not sure what the answer is. One "answer" is to make sure you have
> your key uploaded to a keyserver. Thus, if someone tries to get your
> key from there they will see more than one and therefor be more carefull.
This is kind of the point of keyservers.
> That feels like a cop-out to me. Signatures can be generated.
Yes, but corresponding keys have to exist, (otherwise you can't verify the
signature) and those keys have to have verifiable sigs etc. etc.
> I have also seen it suggested that you should just use the key which has
> the most signatures. That to me is just stupid.
It is. (this is one premise of the so-called Web-Of-Trust model). However,
the reasoning is interesting. It relates to the amount of effort that you
need to get a closed set of keys, all signing each other, which is large
enough that to casual observation, or even, not so casual observation it
doesn't appear to be closed is actually quite high. There is another reason
to take it as read, which is that if you treat this as OK, you treat it as
low-grade until you trust it via some other mechanism. If you keep a key
for some time, then the one on the keyservers won't change under your feet
without you noticing, which is a good thing.
> There is a fundimental problem here whose answer depends on your requirements.
Indeed.
> If you absolutely wish to communicate with someone you know irl... Exchange
> fingerprints.
Yes, there's no benefit to handing someone else's fingerprint to the other
person, if they want to pass the information that you send, they can do
that anyway.
> If you wish to communicate with someone who you "just met in irc"... They
> may be lying about their name/address etc... so you have no way of verifying
> who they are. If you want to exchange encrypted mail, exchange keys. In that
> case the key is linked to the IRC nick... not the uid packet.
Again, the same is true.
> After all, there is nothing to stop someone appearing on irc as me, generating
> a key in my name and passing that over.
Yes, but *I* shouldn't sign it as being you.
> The person would be communicating with the person with that IRC nick at that
> time... NOT the person named in the uid. Who is it that they *REALLY* wanted
> to communicate with?
Uh huh.
> Everything depends on what you define a "person" to be. An electronic
> representation? The person whose mug-shot in the passport matches the
> face opersite you and the name in the uid? The person who you have been
> exchanging email with from that specific email address in the uid?
Well, quite. And how you try and tie a key to a person... I actually think
that the signature web works pretty well, although I've recently been
thinking about ways that it can be improved.
> This paranoia is making me not want to sign any keys from people who
> I do not know personally because I am starting to wonder if the whole
> premise of keysigning parties is flawed.
Depends. It really comes down to what you trust other people's signatures to
mean.
MBM
--
Matthew Byng-Maddick <[EMAIL PROTECTED]> http://colondot.net/
