[Freedombox-discuss] Novel design philosophy for end-to-end cryptographic protocols and software
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 11 04:08:45 UTC 2011
On 07/09/2011 07:25 PM, Boaz wrote:
> [dkg wrote:]
>> If the repressed source is known only publicly as "fubar127", the
>> non-repressed activist can use OpenPGP certifications to assert that
>> fubar127 does in fact hold key X.
>
> Here I must disagree. The anonymous blogger named fubar127 does not
> need anyone to attest to his identity as fubar127. He need only start
> posting comments under that name, signed with some key. Consider the
> person who reads some posts by fubar, and comes to think of fubar as a
> specific person whom a new post may or may not be written by. If he
> wants to know whether a new post is by the “real” fubar127, he (his
> software) need only check that it's signed with the same key as the
> prior posts.
It's worth noting that it's easy for me to take fubar127's message,
strip off their signature, and sign it with a key that i control.
I can also associate any arbitrary name (e.g. "fubar127") with the key
that i control (though no one else has certified it).
I can even publish the re-signed message in the same forum that fubar127
published it in originally.
Now, when someone wants to contact fubar127, whose signatures do they
check against?
In short: Identity verification for the sake of public verification
needs to be done as an active, conscious affair.
Regards,
--dkg
PS thank you for the kind words for the monkeysphere project (i also
contribute to that project). The vision you describe of a singular,
cross-protocol authentication regime is exactly the sort of thing we're
hoping the project can contribute to.
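Boaz's "signed with the same key as the prior posts" check and dkg's strip-and-re-sign scenario, as an added example that is not from this thread or the Monkeysphere project: a trust-on-first-use pin store in Go, with Ed25519 from the standard library standing in for OpenPGP (the Post type, the Sign helper and the sample post text are constructed for the demonstration; "fubar127" is the handle from the thread). It shows that the re-signed copy carries an equally valid signature, and the reader's software can only tell the two apart by which key it happened to pin first.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Post is a pseudonymous forum post: the claimed handle, the body, the poster's
// public key and a signature over handle+body (Ed25519 stands in for OpenPGP).
type Post struct {
	Handle, Body string
	PubKey       ed25519.PublicKey
	Sig          []byte
}

func signedBytes(handle, body string) []byte { return []byte(handle + "\n" + body) }

// Sign builds a post signed with priv (constructed helper, not an OpenPGP API).
func Sign(priv ed25519.PrivateKey, handle, body string) Post {
	return Post{handle, body, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, signedBytes(handle, body))}
}

// PinStore maps each handle to the hex of the first public key seen using it.
type PinStore map[string]string

// Check verifies the signature, then asks whether this is the key seen before.
// Verdicts: "bad-signature", "pinned" (first sighting: trust on first use),
// "matches", or "key-conflict" (valid signature, different key, same handle).
func (ps PinStore) Check(p Post) string {
	if !ed25519.Verify(p.PubKey, signedBytes(p.Handle, p.Body), p.Sig) {
		return "bad-signature"
	}
	key := fmt.Sprintf("%x", p.PubKey)
	pinned, seen := ps[p.Handle]
	switch {
	case !seen:
		ps[p.Handle] = key // nothing certifies the handle/key binding; we only remember it
		return "pinned"
	case pinned == key:
		return "matches"
	}
	return "key-conflict"
}

func main() {
	_, fubar, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	store := PinStore{}
	first := Sign(fubar, "fubar127", "constructed sample post")
	fmt.Println(store.Check(first)) // pinned
	// Same text, signature stripped and re-signed by another key under the same handle.
	fmt.Println(store.Check(Sign(other, first.Handle, first.Body))) // key-conflict
}
```

A reader who first met the re-signed copy would pin the other key and flag the genuine fubar127 as the conflict, which is dkg's point: the pin store records continuity, not identity.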