[Freedombox-discuss] Relationship driven privacy

nathan nolast nathan1465 at gmail.com
Thu Jul 7 06:41:31 UTC 2011


I think keysignings violate Lutz's ease of use (grandma can use it) rule.

On Wed, Jul 6, 2011 at 3:01 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:

> On 07/06/2011 02:43 PM, Tony Godshall wrote:
> > Obviously a keysigning "party" is not
> > appropriate for people who want to be
> > anonymous.  But I don't see why, if you've
> > verified a claimed identity in some other
> > reasonable sense you cannot sign someone's
> > key even if it's pseudonymous.
>
> I agree; given the fluidity of names, a persistent pseudonym can have at
> least as much value in terms of establishing identity as a
> government-approved "official" name.
>
> > For example, a public activist now living in a
> > free country might want to indicate trust of a
> > pseudonymous source living under a brutal
> > regime,
>
> Standard OpenPGP certifications do *not* indicate "trust".  They are
> assertions of identity and key-ownership.
>
> If the repressed source is known only publicly as "fubar127", the
> non-repressed activist can use OpenPGP certifications to assert that
> fubar127 does in fact hold key X.
>
> > and this public activist might want to
> > convey the existence of such trust to news
> > media / bloggers, etc.
>
> Again, the public activist does *not* need to indicate any level of
> trust here; merely that they believe the individual known as "fubar127"
> does in fact hold key X.
>
> > without compromising
> > the source's true identity.
>
> I'd use the term "official" or "government-issued" identity here, since
> in the public sphere, "fubar127" is at least as much their "true"
> identity as any other identity they hold.
>
> > That way the various
> > parties could distinguish communiques from
> > that source vs. the regime's disinformation
> > even if the original public activist is assassinated.
>
> Yep.  Again, to be clear, this is about management of public identities,
> and binding public keys to public identities.  It's not about trust.
>
> I think the critical insight here is:
>
>  A persistent identity bound to a strong public key is
>  essential to being able to make a stable and lasting contribution
>  to a globally-networked culture.
>
> It doesn't matter whether the identity is your "official" identity or
> not; and it doesn't even necessarily matter what form the cryptographic
> material takes (a self-signed X.509 certificate or even a raw public key
> might be sufficient in some cases).
>
> Having good ways that other people can publicly state their belief in
> your key+identity relationship is a good way to help ensure that your
> presence on the network will be difficult to remove, obscure, or
> infiltrate through technical means.
>
>        --dkg



-- 
Thank you for your time
~Nathan
nathan1465 at gmail.com