On Sat, 21 Jul 2012 10:12:37 -0700 (PDT), Jonathan Wilkes wrote: > > The whole point of key-signing is that you're verifying that you do > > know the providence of the data signed or encrypted by that > > key. Anonymity is the opposite of that. If you want anonymity, then > > you don't want public key encryption. They are not compatible. > > Did you mean to say, "if you want anonymity, then you don't want key > signing"?
Probably. Given how researchers could uniquely re-identify a third of nameless Twitter and Flickr users based on the social graph alone [0], you might either want to avoid key signing or avoid any overlapping (reference) social interaction. Also, how'd we get back to "web-of-trust" vs. "web-of-verified-identity" again? Given all the different social understandings of the issues in different contexts, the relevant interpretation seems User * Context based (e.g., 5 users * 6 contexts = 30 interpretations). As Jonas mentioned, social standards can offer direction but the choice and interpretation still seems based, ultimately, on the user and signing statement. /me lights up the dkg signal 0: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006
pgpRBfEMVWrz7.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
