Pseudonyms are fine by me. I don't have a problem signing a pseudonym key. The pseudonym just has to have context that I can verify. For instance, if the claim is "Whonix signing key," then that tells me the way to verify the key is by checking the signature of various releases of Whonix. If there is a verifiable history of Whonix releases that are signed by the same key, then I can say "Yes, this key is owned by the entity that is signing Whonix releases." I'd have to verify this over an extended period of time, so that if the official website were hacked, the maintainer had time to respond and raise a question about the legitimacy of the signing key. But beyond that, I'm getting what I need to verify a pseudonym. He's not claiming that he's independent from all government agencies; he's claiming that he is the signer of the distro releases, period. I can live with that, assuming I took those simple few verification steps.
I do the same with the key associated with this email address (and reddit user id). It is what it is: you can know without any real doubt that that key is truly associated with those accounts by doing a little research, and since I've made no further claims about the pseudonym, that's truly good enough. Claiming that a key is associated with an actual identity is a different story. In that case, I would be stating that the name on my key is my legal identity, which is quite a different claim with vastly different implications. Therefore, I expect such a key to be verified by, at the very least, picture identification. I have a friend who requires a notarized document stating that the key in question belongs to the person holding that identification. Not a bad plan, really; it uses a Notary Public to act as a sort of CA, and allows for signing keys that you may not have personally verified. You just need to verify the signature of the Notary Public. Having said that, I don't believe a pseudonym can be truly anonymous. Humans leak information. It's in our nature. It takes insane measures that go directly against human nature simply to /minimize/ information leakage during communication, and it is impossible to prevent that information leakage /entirely./ A pseudonym is like a lock on a door. It only accomplishes keeping out people who don't know enough or care enough to pick the lock. They can be useful, but I can't recommend one for the purpose of anonymity. It goes back to that whole "security through obscurity" concept. It just doesn't work. All it takes is one person to "blow your cover." The only real exceptions I can think of to that are impersonating someone else, and throwaway identities that you only use once. Ironically, forlasanto literally means, "one that is thrown away." It was originally intended to be a one-off, throwaway identity.
But that just goes to prove my point: the fact that I chose an Esperanto pseudonym leaks a lot of information about me, and narrows the possible real identities for me down from 7 billion to about 5-7 million. That's a huge leak! The fact that my posts are in American English narrows it down even further--to maybe a few tens of thousands. That's before a single post was read for its content. See what I mean? We leak information like sieves. Another huge leak for keys is signatures. Who signed your key, and when? This alone can leak your true identity, and it's something you don't have effective control over. Forgive me for saying so, but for something as high-profile as a Linux distro, using a pseudonym for signing the distro for the sake of anonymity doesn't sound like a great plan. If^H^H^Hwhen someone cracks your identity, it will somewhat discredit you and your distro as far as being capable of maintaining anyone's anonymity. Sorry for the text wall.

On 3/28/2013 5:56 AM, Peter Lebbing wrote:
> On 27/03/13 22:15, Leo Gaspard wrote:
>> until a lot of people verify and sign your public key.
> People might be more inclined to sign the key when it says something like
>
> adrelanos (Whonix signing key) <adrelanos at riseup dot net>
>
> rather than without the comment.
>
> That way, their signature might mean: Yes, this is that key that signs that
> Linux distribution called Whonix. The UID conveys a bit more information about
> which adrelanos specifically we're talking here.
>
> That said, the whole problem with establishing a pseudonym and even getting
> signatures on such a key is difficult. With proper, real names, and most
> importantly people you can meet face to face, it's reasonably established how
> it works. But with a pseudonym, it's completely different.
>
> So I'm just wildly spouting random suggestions actually. It's not really well
> thought through, but I wanted to point out this possibility.
>
> HTH,
>
> Peter.
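As an added example (written for this page, not code from the original message, from GnuPG or from Whonix): a small Python check of the "verifiable history" idea in the first paragraph above. It consumes the machine-readable status output of `gpg --status-fd 1 --verify <release>.sig <release>` for each release and accepts the pseudonymous key only if one primary key validly signed every release and the signatures span an extended period; the fingerprints, timestamps and the 180-day threshold are constructed/assumed.

```python
from datetime import datetime, timedelta, timezone

MIN_HISTORY = timedelta(days=180)  # assumed threshold for "an extended period"

def parse_validsig(status_text):
    """Return (primary_key_fingerprint, signature_time) from one gpg status
    stream, or None if it contains no VALIDSIG line (BADSIG, NO_PUBKEY, ...)."""
    for line in status_text.splitlines():
        f = line.split()
        if len(f) >= 12 and f[0] == "[GNUPG:]" and f[1] == "VALIDSIG":
            # f[2] = signing (sub)key fpr, f[4] = signature unix time,
            # f[11] = primary key fpr (the "same entity" we care about)
            return f[11], datetime.fromtimestamp(int(f[4]), tz=timezone.utc)
    return None

def consistent_signing_history(status_streams, min_history=MIN_HISTORY):
    """True only if every release has a VALIDSIG from the same primary key and
    the earliest and latest signatures are at least min_history apart."""
    results = [parse_validsig(s) for s in status_streams]
    if not results or None in results:
        return False                      # some release is not validly signed
    if len({fpr for fpr, _ in results}) != 1:
        return False                      # more than one key signed releases
    times = sorted(t for _, t in results)
    return times[-1] - times[0] >= min_history

# Constructed sample status output; the fingerprints are placeholders, not real keys.
KEY_A = "0123456789ABCDEF0123456789ABCDEF01234567"
KEY_B = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"

def fake_status(unix_time, primary=KEY_A):
    day = datetime.fromtimestamp(unix_time, tz=timezone.utc).date()
    return (f"[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {primary[-16:]} adrelanos (Whonix signing key)\n"
            f"[GNUPG:] VALIDSIG {primary} {day} {unix_time} 0 4 0 1 10 00 {primary}")

RELEASES_OK = [fake_status(1357000000), fake_status(1365000000), fake_status(1375000000)]
RELEASES_SHORT = [fake_status(1357000000), fake_status(1360000000)]   # ~35 days apart
RELEASES_MIXED = [fake_status(1357000000), fake_status(1375000000, KEY_B)]
RELEASES_BAD = [fake_status(1357000000), "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 0123456789ABCDEF x"]

if __name__ == "__main__":
    for name, streams in [("ok", RELEASES_OK), ("short", RELEASES_SHORT),
                          ("mixed", RELEASES_MIXED), ("bad", RELEASES_BAD)]:
        print(name, consistent_signing_history(streams))
```

In practice the status streams would come from running gpg against each downloaded release and its detached signature, so a hijacked website that swaps in a new key shows up as a history that fails the same-key check.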
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users