[cryptography] Let's go back to the beginning on this

Ben Laurie ben at links.org
Mon Sep 12 10:45:13 EDT 2011


On Sun, Sep 11, 2011 at 7:09 AM, Jon Callas <jon at callas.org> wrote:
> PGP is of course the most notorious consensus system. There's a lot of good
> things about it. It's very resilient in the face of unreliable authorities
> (think Nasrudin). A number of proposals on how to fix the SSL problem adopt
> a quasi-PGP system. I will flatter myself by assuming I don't need to
> describe how it works.
> There are a number of problems with the consensus approach, though. They
> include:
> * It's pseudonym-surly. If you want to use a pseudonym, you have to get it
> certified by people whom you tell your pseudonym to, which kinda defeats the
> point of having a pseudonym. All the many years I worked on PGP, I worried
> that I was going to wake up one day and discover that I completed the
> panopticon that Jeremy Bentham started.

This is only true for the weird subset of people who think PGP keys
have something to do with meatspace identities.

If you want me to sign your pseudonymous PGP key, then you have to
convince me you're the wielder of that pseudonym. Showing up in the
flesh and giving me your driving licence is not going to achieve that.
Instead, all you have to reveal is things the pseudonym already knows,
and I already know the 'nym already knows. That is, nothing
identifying (or any more identifying than you already are).


