Re: shmoo on web of trust, Israeli-Iran TOWs
-Declan (who tried to get the Internet as Man of the Year in '97 but got outvoted. sigh.) You'll need to diversify your Usenet posts if you're going to beat out Tim.
Re: shmoo on web of trust, Israeli-Iran TOWs
At 8:26 AM -0800 2/15/00, John Doe Number Two wrote:
in article v03130303b4ce69373560@[207.111.242.22], Tim May at [EMAIL PROTECTED]
wrote on 14/2/00 6:38 pm:
Yet another wrongheaded interpretation of "trust." Insofar as key signings
go, political views are not important. Golda Meier could have signed the
Ayotallah Khomeini's key with complete equinimity. Think about it.
snip
Somene seeing my name on the list of signatures attached to "Fidel Castro's
key" simply tells someone: "Tim May had some level of confidence that the
key belongs to someone that Tim thinks is Fidel Castro."
An excellent point. Unfortunately there are heavy PGP users out there who
believe their signatures mean something more. They think a sig means 'I
approve of you' rather than, 'I believe you say who you are'. Thus one
finds people who will cancel a PGP sig they put on another's key when they
are pissed off with that individual.
Yes, it's both depressing and unsurprising that so many people are so
clueless about the basic issues. I never spent a _lot_ of time worrying
about webs of trust and keysignings, as it was obvious to me at the very
first Cypherpunks gathering in 1992 (*) what the issues were. That it is so
unobvious to all of these journalists and pundits so many years later is
laughable.
(* We had a PGP 2.0 keysigning at that September 1992 gathering at the
Oakland home of Eric Hughes. PGP 2.0 had just been released a week or so
earlier, so there is every reason to believe that this was the first
large-scale key signing. Outside of the team of developers, that is. By the
way, there was no nonsense about bringing photo IDs and letters of approval
from local law enforcement. Fuck that noise.)
The fact that so many nominally-clued people still think key signings are
measures of approval goes a long way to explaining the current miasma. We
are "stuck" at the 1980 level of technology and what passes for Cypherpunks
excitement these days is hearing a spokesbimbo from VeriWhack describing
her company's plans to roll out 52 bits for its next release of
VeriWhackomatic 2.0. Feh.
--Tim May
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc`
-:-:-:-:-:-:-:
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
Re: shmoo on web of trust, Israeli-Iran TOWs
in article v03130303b4ce69373560@[207.111.242.22], Tim May at [EMAIL PROTECTED] wrote on 14/2/00 6:38 pm: Yet another wrongheaded interpretation of "trust." Insofar as key signings go, political views are not important. Golda Meier could have signed the Ayotallah Khomeini's key with complete equinimity. Think about it. snip Somene seeing my name on the list of signatures attached to "Fidel Castro's key" simply tells someone: "Tim May had some level of confidence that the key belongs to someone that Tim thinks is Fidel Castro." An excellent point. Unfortunately there are heavy PGP users out there who believe their signatures mean something more. They think a sig means 'I approve of you' rather than, 'I believe you say who you are'. Thus one finds people who will cancel a PGP sig they put on another's key when they are pissed off with that individual. JDII "Insert the usual disclaimer here." Key ID: 0x8EF048F5 4093 Bit DH/DSS Fingerprint: CC8F 8D2C E1A3 6555 7438 B456 D00E A83C 8EF0 48F5
Re: shmoo on web of trust, Israeli-Iran TOWs
At 6:02 PM -0800 2/14/00, Anonymous Sender wrote:
Here a punkly (?) site seems to suggest that trusting the government
is a reasonable policy.
This problem exemplifies the problems you encounter when dealing with a
web of trust model. You must actively monitor those to whom you give your
trust, or it may bite you later. While dealing with large, central companies
such as Verisign or the Post Office may be evil, at least they're a known evil
entity. The option is the possibility of hundreds of evil people running
around
abusing your trust.
http://www.shmoo.com/
Yet another wrongheaded interpretation of "trust." Insofar as key signings
go, political views are not important. Golda Meier could have signed the
Ayotallah Khomeini's key with complete equinimity. Think about it.
If I were to meet Fidel Castro, and were to become convinced that the guy
in military fatigues I was talking to was in fact the same "Fidel Castro"
that I have been seeing since I was a 9-year-old, I would probably sign his
key (maybe for a box of good cigars).
[Modulo the issue that some folks in Washingon who deserve to be executed
have probably made it a crime of some sort to sign the key of an Unapproved
Person.]
That I would sign his key means that I am expressing a level of belief that
the person presenting the key is the owner of that key. Not that he is
"Fidel Castro," per se, and certainly not that I agree with his policies or
that I think he has TOW missiles, or whatever.
Somene seeing my name on the list of signatures attached to "Fidel Castro's
key" simply tells someone: "Tim May had some level of confidence that the
key belongs to someone that Tim thinks is Fidel Castro."
(I believe the calculus for thinking about webs of trust is the
"Dempster-Shafer theory of belief." Search on Dempster-Shafer. I wrote a
fairly long article a few years ago on why this is the best calculus. The
archives, such as they are, may have this article.)
Key signings have nothing to do with support of opinions or policies or
beliefs about weapons deals.
In this particular instance, the Iranians and Hezbollah are on the side of
right in battling the Zionist insect that preys upon the life of the people.
--Tim May
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc`
-:-:-:-:-:-:-:
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
Re: shmoo on web of trust, Israeli-Iran TOWs
At 18:38 2/14/2000 -0800, Tim May wrote: Yet another wrongheaded interpretation of "trust." Insofar as key signings go, political views are not important. Golda Meier could have signed the Ayotallah Khomeini's key with complete equinimity. Think about it. Right. This shouldn't need to be explained, of course, but there's not a good institutional memory here, at least not in web-archive form. One useful analogy might be Time magazine's "Man of the Year," designed to highlight the most important person, or thoughts along those lines. Hitler was it once. Time mag is not endorsing him by dubbing him that; neither are you necessarily endorsing someone's views when signing their key. At least the analogy might be useful to newcomers. -Declan (who tried to get the Internet as Man of the Year in '97 but got outvoted. sigh.)
Re: shmoo on web of trust, Israeli-Iran TOWs
I voted for you as many times as they'd let me. MacN -Declan (who tried to get the Internet as Man of the Year in '97 but got outvoted. sigh.)
