encrypted list? (Re: [buug] keysigning?)

Joseph Zitt jzitt at metatronpress.com
Fri Aug 16 22:33:27 PDT 2002 

On Fri, 16 Aug 2002 22:11:38 -0700 (PDT)
"Jeremy Brand, B.S." <jeremy at nirvani.net> wrote:


> Actually, no.  Please re-read the first message in this thread.  Ian
> _did_ speak of people voicing support of encryping communications on 
> this list.
> Quoting Ian:
> > Recently people have voiced support for encrypted communication on
> > this list; and I feel that our group is an excellent example of one
> > which has developed some degree of IRL mutual trust, that could be
> > reused in our online lives.
> 
> My question still stands unanswered:
> 
> Is the list going to be closed to those who can physically NOT provide
> public keys at the meeting with picture ID?
> 
> Which (one could imagine) evolves naturally to this question: 
> Is this list going to be encrypted? (regardless of physical exchange
> of keys and IDs).

It may just me that I've been neck-deep in issues of textual
interpretation, but it seems to me that the difference in understanding
hinges on what "on" means in Ian's first sentence. I *think* he meant
that people have, in messages written to this list, expressed interest
in ecrypting some of their communications. I don't however, recall
seeing anyone wishing that list *itself* be encrypted. 

Since:

- the issue of "trust" (again an ambiguous word) in encryption and
authentication hinges on the degree to which you are sure that a
given signature corresponds to a given real-world-human,

- one of the ways to extend that "trust" is for someone who you trust
to confirm that a signature corresponds to someone *he* trusts,

- many of the people on this list apparently know each other,

- many of these people meet frequently in a convenient real-world
meeting,

- the documents suggest present a Pretty Good indication that the 
real-world person bearing the documents is the person identified,

- that's good enough for most purposes (remembering that the original
PGP stands for Pretty Good Privacy)

it seems a reasonable suggestion that a keysigning party happen at these
real-world events.

It's also pretty clear that encrypting the list would be, at best,
extremely difficult, and I doubt anyone would want the problems
involved. I've been on a list that did that, in addition to anonymized
addresses, and it was *very* difficult, and basically boiled down to a
single person (whom none of us, as far as I know, knew) who presented a
single point of failure for the web of confidence. When he dropped away,
the list immediately failed.

So, in brief, I can see where the worry about the list being encrypted
came from, but I don't think anyone at all actually wants it to happen.

-- 
| josephzitt at josephzitt.com                 http://www.josephzitt.com/ |
| http://www.metatronpress.com/jzitt/   http://www.mp3.com/josephzitt/ |
| == New book: Surprise Me with Beauty: the Music of Human Systems  == |
| Comma / Gray Code             Silence: the John Cage Discussion List |

More information about the buug mailing list