I'm still far from convinced that the Web of Trust achieves what it's
supposed to achieve, even when used correctly.
Consider this question: what do you need to know about a person in
order to feel confident that they are the intended recipient of your
secure communication? Because I bet the answer is hardly ever "their
legal name".
I recently exchanged some email with a Ruediger Weis I met at a
conference. When verifying his signature, I wanted to be sure that it
was sent by the person I met. It would *not* have satisfied me to
know that it was sent by someone of that name, since there are
probably hundreds of people with that name. And conversely, I don't
actually care if that's his real name - his real legal name can be
Jurgen Schmidt for all I care. I used the business card he beamed me
to check out his PGP fingerprint, and could therefore be confident
that I was corresponding with the person I met. If you use this
technique, make sure it's difficult to plant business cards into your
pockets.
I know that the signed information includes an email address as well
as a name. I'm ignoring that and everyone else should too - there's
no burden on the signer of a key to verify the email address, only the
name. I can turn up to a keysigning party with my passport and get my
key signed as "Paul Crowley <[EMAIL PROTECTED]>", because no-one's
expected to check that part. I think it appears as an ineffective fix
to the problems I'm trying to highlight here. Note that it does make
sense to sign your *own* key with your email address, so that once
your correspondents decide your key is the right one, they can be
confident of which email address to correspond with!
I don't think the idea of key signing is fundamentally flawed, but I
think we need far more flexibility on what information we bind to a
public key. I'd like a way of saying "this is the John Smith that I
know, not just any John Smith, and if you've met my friend John Smith
then this is his public key". I want to bind photographs to keys.
I'd like to say "This is John Smith the famous author", or "This is
the John Smith from the famous case Smith v. Justice 1992".
Are there any commonplace circumstances where confidence in someone's
legal name is enough?
--
__
\/ o\ Employ me! Cryptology, security, Perl, Linux, TCP/IP, and smarts.
/\__/ [EMAIL PROTECTED] http://www.cluefactory.org.uk/paul/cv/
