Discussion:
gpg for anonymous users - Alternative to the web of trust?
(too old to reply)
adrelanos
2013-03-26 16:35:58 UTC
Permalink
As a brief introduction, I am adrelanos, the strictly pseudonymous
(anonymous) maintainer of Whonix, an Open Source Anonymous Operating
System. [1] I gpg-sign binary releases and source code (git tags) in
order to authenticate Whonix to users, and prevent adversaries from
distributing altered versions in my name.

Given that I can't meet with other Linux or Tor developers who could
verify my identity and sign my key, how can I establish a web of trust
for potential Whonix users to rely on? More generally, how can strictly
pseudonymous people establish webs of trust?

In an attempt to bootstrap my public key from the Web, it's available on
keyservers, in Whonix source code and binary releases, and on my
homepage and project page. [3] By mirroring my key to many http, https
and/or .onion sites, it becomes harder and harder to impersonate me.

However, that hasn't worked out very well, because search engines
apparently don't index keys, and so there is no way to verify my list of
public key mirrors.

How can I establish a pseudonym that no one can easily fake while
remaining anonymous?

[1] http://whonix.sf.net/
[2] https://sourceforge.net/p/whonix/wiki/Trust/
[3]
https://sourceforge.net/p/whonix/wiki/OpenPGP/#bootstrapping-openpgp-keys-from-the-web
Markus Reichelt
2013-03-26 19:20:49 UTC
Permalink
Post by adrelanos
How can I establish a pseudonym that no one can easily fake while
remaining anonymous?
a) you can't
define 'easily' - these days nobody reads/checks anything anymore
(there's some XKCD about this issue)

b) you can try:
Meet with a high-profile person (of your realm/domain) that you
trust and ask that person to both honour your wish to remain
anonymous to the public and to also sign your signing key.
...

Apart from that, why the hassle? Simply put: Once you marked your
spot with a pseudonym and a corresponding key, it's yours.


But I think the matter you are really concerned about is this:
How can your audience be sure it's you when they in fact don't want
to make any real effort to check up on that fact. see a)
--
left blank, right bald
adrelanos
2013-03-29 18:21:52 UTC
Permalink
Post by Markus Reichelt
Post by adrelanos
How can I establish a pseudonym that no one can easily fake while
remaining anonymous?
a) you can't
define 'easily' - these days nobody reads/checks anything anymore
(there's some XKCD about this issue)
Well, I recognize that ratio of image downloads vs signature downloads
is quite bad...

<snip>
Post by Markus Reichelt
How can your audience be sure it's you when they in fact don't want
to make any real effort to check up on that fact. see a)
There are at least a very few users who care and who read (almost) all
the stuff I publish.
Johnicholas Hines
2013-03-26 17:36:07 UTC
Permalink
The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need to
do something that the agency would find difficult to do.

Getting your name and key into difficult-to-corrupt archives will start a
timer - eventually you can point to the archives as evidence that you are
not a newcomer. Even an agency would find it difficult to change history.

Spending money or effort forces a covert agency to also spend money or
effort to replicate your behavior. For example, if you sent someone a
bitcoin, they would have to spend some dollars to establish themselves as
comparably credible. Unfortunately, they have deep pockets. Effort might be
preferable to money, since leaves more ways that a covert agency might make
a mistake, behaving in some characteristic way (e.g. some sort of automatic
authorship attribution software might become available that revealed them
to be a team rather than an individual). Steady effort at releasing patches
over a decade might be moderately credible.

Johnicholas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130326/d7fd3919/attachment-0001.html>
adrelanos
2013-03-26 23:38:23 UTC
Permalink
Yes, I agree, it's pretty much impossible to distinguish myself from a
nation-state's covert agency. Hence, I only asked how to claim a pseudonym.
Its pretty much impossible to distinguish a nation-state's covert agency
personnel who are masquerading as someone else from the real someone
else. In the UK we have recently had examples of undercover agents
infiltrating animal rights groups or similar as activists, forming deep
emotional relationships with female members, moving in with them, having
children with them, and then years later, after the group has been
smashed, disappearing from the scene. One such lady victim saw the
picture of a policeman years later (I think in a newspaper) and
recognised him as the father of her child, which is when the scam was
blown open. So in short, these agencies do not find it difficult to do
anything that they need or want to do
regards
David
Post by Johnicholas Hines
The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need
to do something that the agency would find difficult to do.
Getting your name and key into difficult-to-corrupt archives will start
a timer - eventually you can point to the archives as evidence that you
are not a newcomer. Even an agency would find it difficult to change
history.
Spending money or effort forces a covert agency to also spend money or
effort to replicate your behavior. For example, if you sent someone a
bitcoin, they would have to spend some dollars to establish themselves
as comparably credible. Unfortunately, they have deep pockets. Effort
might be preferable to money, since leaves more ways that a covert
agency might make a mistake, behaving in some characteristic way (e.g.
some sort of automatic authorship attribution software might become
available that revealed them to be a team rather than an individual).
Steady effort at releasing patches over a decade might be moderately
credible.
Johnicholas
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Leo Gaspard
2013-03-27 21:15:04 UTC
Permalink
Well... IMHO you did all what you had to/could do, if you want to keep
confidentiality : claiming your public key in association with your name on
several websites. Now, just hope no covert agency will try to impersonate you
until a lot of people verify and sign your public key.
Post by adrelanos
Yes, I agree, it's pretty much impossible to distinguish myself from a
nation-state's covert agency. Hence, I only asked how to claim a pseudonym.
Its pretty much impossible to distinguish a nation-state's covert agency
personnel who are masquerading as someone else from the real someone
else. In the UK we have recently had examples of undercover agents
infiltrating animal rights groups or similar as activists, forming deep
emotional relationships with female members, moving in with them, having
children with them, and then years later, after the group has been
smashed, disappearing from the scene. One such lady victim saw the
picture of a policeman years later (I think in a newspaper) and
recognised him as the father of her child, which is when the scam was
blown open. So in short, these agencies do not find it difficult to do
anything that they need or want to do
regards
David
Post by Johnicholas Hines
The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need
to do something that the agency would find difficult to do.
Getting your name and key into difficult-to-corrupt archives will start
a timer - eventually you can point to the archives as evidence that you
are not a newcomer. Even an agency would find it difficult to change
history.
Spending money or effort forces a covert agency to also spend money or
effort to replicate your behavior. For example, if you sent someone a
bitcoin, they would have to spend some dollars to establish themselves
as comparably credible. Unfortunately, they have deep pockets. Effort
might be preferable to money, since leaves more ways that a covert
agency might make a mistake, behaving in some characteristic way (e.g.
some sort of automatic authorship attribution software might become
available that revealed them to be a team rather than an individual).
Steady effort at releasing patches over a decade might be moderately
credible.
Johnicholas
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Peter Lebbing
2013-03-28 10:56:12 UTC
Permalink
Post by Leo Gaspard
until a lot of people verify and sign your public key.
People might be more inclined to sign the key when it says something like

adrelanos (Whonix signing key) <adrelanos at riseup dot net>

rather than without the comment.

That way, their signature might mean: Yes, this is that key that signs that
Linux distribution called Whonix. The UID conveys a bit more information about
which adrelanos specifically we're talking here.

That said, the whole problem with establishing a pseudonym and even getting
signatures on such a key is difficult. With proper, real names, and most
importantly people you can meet face to face, it's reasonably established how it
works. But with a pseudonym, it's completely different.

So I'm just wildly spouting random suggestions actually. It's not really well
thought through, but I wanted to point out this possibility.

HTH,

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Forlasanto
2013-03-29 05:06:33 UTC
Permalink
This post might be inappropriate. Click to display it.
adrelanos
2013-03-29 14:38:30 UTC
Permalink
Post by Forlasanto
Pseudonyms are fine by me. I don't have a problem signing a pseudonym
key. The pseudonym just has to have context that I can verify. For
instance, if the claim is "Whonix signing key," then that tells me the
way to verify the key is by checking the signature of various releases
of Whonix. If there is a verifiable history of Whonix releases that are
signed by the same key, then I can say "Yes, this key is owned by the
entity that is signing Whonix releases." I'd have to verify this over an
extended period of time, so that if the official website were hacked,
the maintainer had time respond and raise a question about the
legitimacy of the signing key. But beyond that, I'm getting what I need
to verify a pseudonym. He's not claiming that he's independent from all
government agencies; he's claiming that he is the signer of the distro
releases, period. I can live with that, assuming I took those simple few
verification steps.
I do the same with the key associated with this email address (and
reddit user id). It is what it is: you can know without any real doubt
that that key is truly associated with those accounts by doing a little
research, and since I've made no further claims about the pseudonym,
that's truly good enough.
Claiming that a key is associated with an actual identity is a different
story. In that case, I would be stating that the name on my key is my
legal identity, which is quite a different claim with vastly different
implications. Therefore, I expect such a key to be verified by, at the
very least, picture identification. I have a friend who requires a
notarized document stating that the key in question belongs to the
person holding that identification. Not a bad plan, really; it uses a
Notary Public to act as a sort of CA, and allows for signing keys that
you may not have personally verifed. You just need to verify the
signature of the Notary Public.
Agreed.
Post by Forlasanto
Having said that, I don't believe a pseudonym can be truly anonymous.
Humans leak information. It's in our nature. It takes insane measures
that go directly against human nature simply to/minimize/ information
leakage during communication, and it is impossible to prevent that
information leakage /entirely./ A pseudonym is like a lock on a door.
It only accomplishes keeping out people who don't know enough or care
enough to pick the lock. They can be useful, but I can't recommend one
for the purpose of anonymity. It goes back to that whole "security
through obscurity" concept. It just doesn't work.
All it takes is one
person to "blow your cover."
There is no person who knows who is behind this identity/activity.
Post by Forlasanto
The only real exceptions I can think of to
that are impersonating someone else, and throwaway identities that you
only use once.
Ironically, forlasanto literally means, "one that is thrown away." It
was originally intended to be a one-off, throwaway identity. But that
just goes to prove my point: the fact that I chose an Esperanto
pseudonym leaks a lot of information about me, and narrows the possible
real identities for me down from 7 billion to about 5-7 million. That's
a huge leak! The fact that my posts are in American English narrow it
down even further--to maybe a few ten thousands. That's before a single
post was read for it's content. See what I mean? We leak information
like sieves.
Another huge leak for keys is signatures. Who signed your key, and when?
Until now, no one, never.
Post by Forlasanto
This alone can leak your true identity, and it's something you don't
have effective control over.
Forgive me for saying so, but for something as high-profile as a linux
distro, using a pseudonym for signing the distro for the sake of
anonymity doesn't sound like a great plan.
What's the alternative? Using my real identity? Does it make it any safer?

I am more interested in development and documentation rather than
building binaries, testing and uploading. Having deterministic builds
and/or some creditable individual or organization (such as eff) creating
binaries, signing an distributing more than welcome, but at the moment
there is no implication that someone will step forward.
Post by Forlasanto
If^H^H^Hwhen someone cracks
your identity, it will somewhat discredit you and your distro as far as
being capable of maintaining anyone's anonymity.
It only proves I made a mistake and hopefully others can learn from it.
Post by Forlasanto
Sorry for the text wall.
Thanks for the text.
Post by Forlasanto
Post by Peter Lebbing
Post by Leo Gaspard
until a lot of people verify and sign your public key.
People might be more inclined to sign the key when it says something like
adrelanos (Whonix signing key) <adrelanos at riseup dot net>
rather than without the comment.
That way, their signature might mean: Yes, this is that key that signs that
Linux distribution called Whonix. The UID conveys a bit more
information about
Post by Forlasanto
Post by Peter Lebbing
which adrelanos specifically we're talking here.
That said, the whole problem with establishing a pseudonym and even getting
signatures on such a key is difficult. With proper, real names, and most
importantly people you can meet face to face, it's reasonably
established how it
Post by Forlasanto
Post by Peter Lebbing
works. But with a pseudonym, it's completely different.
So I'm just wildly spouting random suggestions actually. It's not really well
thought through, but I wanted to point out this possibility.
HTH,
Peter.
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Forlasanto
2013-03-29 16:41:51 UTC
Permalink
Post by adrelanos
Post by Forlasanto
Forgive me for saying so, but for something as high-profile as a linux
distro, using a pseudonym for signing the distro for the sake of
anonymity doesn't sound like a great plan.
What's the alternative? Using my real identity? Does it make it any safer?
Using your real identity would be the alternative. The trade-off is
easier key signatures vs. identity obscurity. It would only be safer in
the sense that there won't be a scandal when/if your identity is
uncovered. Odds are, it won't be a big deal to many people,
realistically--but you never know what the future holds, right? As long
as you are comfortable with any possible future implications, then go
for it.
Post by adrelanos
I am more interested in development and documentation rather than
building binaries, testing and uploading. Having deterministic builds
and/or some creditable individual or organization (such as eff) creating
binaries, signing an distributing more than welcome, but at the moment
there is no implication that someone will step forward.
The web of trust is simply a conventional way for people to judge how
trustworthy your key is. Nothing more, nothing less. If you can
establish that trust some other way, then don't worry so much about the
web of trust. That's my opinion. No one is going to beat down your door
to sign your key, you'll have to ask them to do so. You can go to
key-signing parties and explain that your only purpose for the key is
signing the distro, and you'll probably get a few takers. The
alternative is, have an online keysigning party with all of the
developers of your distro, and everybody signs everyone else's key.

Or alternately you, as the distro manager, sign the keys of all your
lieutenants, and then they sign yours, plus all of their subordinates.
Then your key signatures would match your chain of command, and it would
actually work the way a web of trust is supposed to work. (that is, even
though you might not know their subordinates, you trust your
lieutenant's signatures, and therefore can consider their subordinates'
keys to be valid.) At that point, as far as the outside world is
concerned, you are deeply connected to the project, and it is reasonable
to trust that your key is valid, within it's context. And /within/ the
distro's community, your key would be pretty solidly trusted, I'd say.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130329/74c20d4a/attachment-0001.html>
Daniel Kahn Gillmor
2013-03-29 17:30:48 UTC
Permalink
This post might be inappropriate. Click to display it.
Stan Tobias
2013-04-05 15:39:22 UTC
Permalink
Post by Daniel Kahn Gillmor
I've changed the subject line to indicate that this thread is about
establishing a pseudonym, *not* about anonymous users. This is a subtle
but important difference.
People assume pseudonyms for various reasons, anonymity being but one
of them. It is clear the person behind "adrelanos" wants to remain
anonymous, while giving a name to his action. This is a narrower
application of pseudonyms, thus IMHO the subject should have stayed.

The problem we're trying to solve here is how to ascertain originality
of a software development line, IOW how to authenticate it.

I believe this has much in common with ordinary software authentication.
For instance, from _my_ perspective, "Werner Koch" is kind of an
anonymous person. He's not actually a person, he is just the key that
signs versions of GnuPG software. (No offense, Werner, I've seen you on
Google, so you must be true, surely. :-^ ) I don't think shaking hands
with Werner would change much in this regard. Same goes for almost all
other signed software on my system. What I mean to express is an idea
that in ordinary situation, the entity that authenticates (certifies)
software is the key itself, not its owner(s), whom I don't know, and who
I don't know if they exist. (But I know the key. Just try to imagine
the cryptographic key acquired intelligence and became a person, and
eventually - a friend; hey, I wouldn't trust a strange key, would I?)

The person(s) behind "adrelanos", in order to communicate securely and
anonymously, invents a "new person", a sock-puppet, called "adrelanos",
through which he will communicate with the rest of the world:
<quote>
I am adrelanos, the strictly pseudonymous (anonymous) maintainer
of Whonix
</quote>
For simplicity, I mentally associate this "invented person" with his
(their?) cryptographic key itself. (Thus the name "adrelanos" is
redundant, what counts is the key's fingerprint, but it's good for
human speak.) So when I say "adrelanos", I think of the key exclusively.

As a side note (this is not the main topic of my posting), I have two
suggestions to adrelanos. First, I'm not sure the Web of Trust solves
anything for you. You need to associate yourself strongly with the
project, so I would advise to put your public key into the very first
issue of the software, and sign the whole. An attacker may do the same
with their key and claim they are the only true developers. To thwart
this, you need to gather signed timestamps from many independent services.
(The reasoning is that someone can make a copy and claim as his for
nefarious purposes only, thus if you can prove you were the first to
own it, you can defend your authorship this way.) Announcing on this
list (or in any public place) can also be considered as a kind of a
time-stamp (until a Ministry of Truth starts to manage our history),
but have I seen your public key here? A third suggestion is to create
some backup keys, and somehow mention them in further software issues,
just in case you find yourself in disaster management situation and need
to identify yourself by another means.
Post by Daniel Kahn Gillmor
------------
For a pseudonymous author who wants to establish a credible claim to a
given identity, one way would be to encourage the people who have been
following the work of that author to certify the key. In that case, how
would they know it's the right one? This is a shade different from
other scenarios, but if, for example, if i had been using tool X for 5
years, and had been corresponding with the author (e.g. bug reports,
thank you notes, feedback, etc) over that time and all the
communications and versions of the tool that i received consistently
demonstrated that the person on the other end had control of the key in
question, i would have no problem certifying that identity.
What would such a certification accomplish?

In my lay person's understanding, the purpose of certification (key
signing) is to state that the UID correctly describes the person who
claims the key.

If you sign an anonymous key, that may be either misleading, or carry
zero information. If you mean to certify for the real person - you
haven't met them, and there is noone who will claim the key (as long
as they want to stay anonymous). If you sign for the "invented person"
(as I defined above), then you essentially certify that the key holding
a name "adrelanos" is correctly described by the name "adrelanos".

I understand the aim of your certification: you want to introduce
"adrelanos", and to state your association with him (although you
don't know the real person). But can you explain this purpose in
your signature? Is a key signing the best means for it? Wouldn't a
better option be publishing a signed statement "I have cooperated with
an anonymous person adrelanos since ..., I believe he is the original
author of ..."?

Further thoughts for discussion:
If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
too occupied), would you sign my key? Why? Why would it take 5 years to
convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?
If someone revealed to you "adrelanos" was a secret FBI operation,
would you still sign it? (FBI behind "adrelanos" might be the true
original author of the software, accept bug reports, feedbacks, etc., and
I've heard they have really nice blokes there. So essentially nothing
changes, except the state of your knowledge.) Before signing his key,
would you check that the ID "adrelanos <adrelanos at riseup.net>" was not in
use (not necessarily in a PGP key) by another person, say, a year ago from
now?

Regards, Stan.
Daniel Kahn Gillmor
2013-04-05 17:38:18 UTC
Permalink
Post by Stan Tobias
People assume pseudonyms for various reasons, anonymity being but one
of them. It is clear the person behind "adrelanos" wants to remain
anonymous, while giving a name to his action.
This is practically the definition of a pseudonym, not anonymity.
Anonymity involves trying to avoid leaving any traces of identity
whatsoever. I really do think it's worth distinguishing between the two
cases, since they're quite different.

From WordNet (r) 3.0 (2006) [wn]:

pseudonym
n 1: a fictitious name used when the person performs a
particular social role [syn: {pseudonym}, {anonym}, {nom de
guerre}]

anonymous
adj 1: having no known name or identity or known source;
"anonymous authors"; "anonymous donors"; "an anonymous
gift" [syn: {anonymous}, {anon.}] [ant: {onymous}]
2: not known or lacking marked individuality; "brown anonymous
houses"; "anonymous bureaucrats in the Civil Service"

I agree with you that the WoT is not useful for people who truly wish to
be anonymous.

However, the WoT still can be useful for people who wish to establish a
pseudonym.
Post by Stan Tobias
Post by Daniel Kahn Gillmor
For a pseudonymous author who wants to establish a credible claim to a
given identity, one way would be to encourage the people who have been
following the work of that author to certify the key. In that case, how
would they know it's the right one? This is a shade different from
other scenarios, but if, for example, if i had been using tool X for 5
years, and had been corresponding with the author (e.g. bug reports,
thank you notes, feedback, etc) over that time and all the
communications and versions of the tool that i received consistently
demonstrated that the person on the other end had control of the key in
question, i would have no problem certifying that identity.
What would such a certification accomplish?
It establishes a history of someone doing work and being active using
that name. Given that it includes an e-mail address, it is effectively
globally unique (modulo problems with the DNS). If there are two such
entities, using two separate keys, that's entirely possible. My
certification would indicate which one is the one i have come to know as
"adrelanos <adrelanos at riseup.net>".
Post by Stan Tobias
If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
too occupied), would you sign my key?
Well, i already know a Werner Koch, and i don't think i would sign any
colliding user IDs without good reason. If i'm dealing with User IDs
that are clearly non-global, have no difficult-to-forge corroboration
(e.g. gov't issued ID), etc, and i have no prolonged experience
interacting with someone using that identity, i'm likely to decline to
make that certification.
Post by Stan Tobias
Why would it take 5 years to
convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?
I said 5 years as an example, not as a magic threshold where my
confidence in someone's persistent identity kicks in. I suspect that
each person has their own sense of this, and can make their own
decisions about when making a public statement of known identity is
warranted. One of the nice things about OpenPGP is that there is no
requirement for everyone to have the same certification policy.
Post by Stan Tobias
If someone revealed to you "adrelanos" was a secret FBI operation,
would you still sign it? (FBI behind "adrelanos" might be the true
original author of the software, accept bug reports, feedbacks, etc., and
I've heard they have really nice blokes there. So essentially nothing
changes, except the state of your knowledge.)
I hope it's clear that my certifying anyone's OpenPGP certificate is a
statement about who i believe uses a given name and address and what key
they use. It is *not* a statement of political affinity, friendship, or
a technical endorsement.

I am happy to sign the keys of people with whom i have fundamental
disagreements. My saying "this is adrelanos' key" does not say anything
about "adrelanos works for the FBI" or "adrelanos does not work for the
FBI" any more than it says "adrelanos is my friend" or "adrelanos is a
milkman" or "adrelanos babysits my children" or "adrelanos writes
awesome software" or "I can't stand that adrelanos character"

Regards,

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130405/e8b7bc2d/attachment.sig>
Stan Tobias
2013-04-07 08:06:50 UTC
Permalink
Post by Daniel Kahn Gillmor
Post by Stan Tobias
Post by Daniel Kahn Gillmor
For a pseudonymous author who wants to establish a credible claim to a
given identity, one way would be to encourage the people who have been
following the work of that author to certify the key.
[snip]
Post by Daniel Kahn Gillmor
Post by Stan Tobias
What would such a certification accomplish?
It establishes a history of someone doing work and being active using
that name. Given that it includes an e-mail address, it is effectively
globally unique (modulo problems with the DNS).
(Modulo a black box in an ISP's locked room. Modulo other circumstances.
I think it was a misguided idea from the old times that an email
could serve as a personal identifier.)
Post by Daniel Kahn Gillmor
If there are two such
entities, using two separate keys, that's entirely possible. My
certification would indicate which one is the one i have come to know as
"adrelanos <adrelanos at riseup.net>".
So basically you restate what I have said before: you introduce
someone (you help to start a history), and you mark your association (to
differentiate this one from other "adrenaloses"; I don't mean support, but
merely association by knowledge). The first one is merely a side effect.
As for the latter, I don't believe it is even implicit in a certificate
(at signing parties, people sign keys to persons whom they won't know).
At best, it can be considered a side effect of your signing policy (if
you refuse to sign further "adrenaloses"), but this is not what is being
ceritified anyway.

Certificates are a message to others. When you sign "Werner Koch"
key, you tell me that you have verified the key owner *is* Werner Koch,
and is willing to identify himself with this key.

Now, when you certify "adrelanos" key (UID, to be precise), do you mean to
tell me you have verified the "real" owner is adrelanos? Obviously, no.
Do you mean to tell me you've verified that the anonymous owner - the
person who identifies himself by the key - uses the key "adrelanos"?
It's a tautology. Do you mean to tell me the "invented person" is
adrelanos? He's that by definition; it's a tautology again. There is
nothing that can be verified, therefore nothing to certify. I don't
see any meaning to your certificate.

As I noticed last, what's relevant is that each software issue is signed
by the same key (identified by fingerprint). The key could be stripped
of any UIDs, and still fulfill its function well. Thus I don't see what
a certificate could change.
Post by Daniel Kahn Gillmor
Post by Stan Tobias
If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
too occupied), would you sign my key?
Well, i already know a Werner Koch, and i don't think i would sign any
colliding user IDs without good reason. If i'm dealing with User IDs
that are clearly non-global, have no difficult-to-forge corroboration
(e.g. gov't issued ID), etc, and i have no prolonged experience
interacting with someone using that identity, i'm likely to decline to
make that certification.
I have chosen the pseudonym "Werner Koch" to make a contrast. You suspect
fraud, and refuse to sign my key without checking, because you happen to
know a (important) Werner Koch. Yet you're willing to sign "adrelanos"
key, because you don't happen to know another adrelanos? I sense a
logic flaw, and thus a weakness in the signing policy.
Post by Daniel Kahn Gillmor
Post by Stan Tobias
Why would it take 5 years to
convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?
I said 5 years as an example, not as a magic threshold where my
confidence in someone's persistent identity kicks in. I suspect that
each person has their own sense of this, and can make their own
decisions about when making a public statement of known identity is
warranted. One of the nice things about OpenPGP is that there is no
requirement for everyone to have the same certification policy.
With time, his reputation may change, and your confidence, but not
his identity. His identity is established by fiat of his creator,
and will be the same in five years as it is now. I think it is wrong
to assume time plays any role here.

(With time "adrelanos" may gain history which might further identify him,
but I doubt this whole history will enter his key UID. For example, on
Werner's key I see only "Werner Koch", not where he lives, what he did,
which schools he finished, where he's been, what beer he likes, and what
his cat looks like.)
Post by Daniel Kahn Gillmor
Post by Stan Tobias
If someone revealed to you "adrelanos" was a secret FBI operation,
would you still sign it? (FBI behind "adrelanos" might be the true
original author of the software, accept bug reports, feedbacks, etc., and
I've heard they have really nice blokes there. So essentially nothing
changes, except the state of your knowledge.)
I hope it's clear that my certifying anyone's OpenPGP certificate is a
statement about who i believe uses a given name and address and what key
they use. It is *not* a statement of political affinity, friendship, or
a technical endorsement.
Sure. I'd prefer you said "is known by", rather than "uses".
Post by Daniel Kahn Gillmor
I am happy to sign the keys of people with whom i have fundamental
disagreements. My saying "this is adrelanos' key" does not say anything
[snip]

I'd be willing, too, to sign the Enemy's key, as long as its UID says
"Enemy" and not "Friend". The problem is that "adrelanos" doesn't
mean anything to you, nor to me, but perhaps it might mean something
to someone else. This is a reason for my objection to vouching for
anonymous identities. I think it is dangerous.

Regards, Stan.
Daniel Kahn Gillmor
2013-04-07 14:19:56 UTC
Permalink
Post by Stan Tobias
I'd be willing, too, to sign the Enemy's key, as long as its UID says
"Enemy" and not "Friend".
But in fact, no one identifies in either way; "Enemy" and "Friend" are
relational terms, and are not identities. Neither of them belong in the
UID.

If you want to make a statement about whether someone is your enemy or
your friend, an OpenPGP identity certification might not be the right
way to do it.

The problem is that "adrelanos" doesn't
Post by Stan Tobias
mean anything to you, nor to me, but perhaps it might mean something
to someone else. This is a reason for my objection to vouching for
anonymous identities. I think it is dangerous.
I think we're talking about pseudonyms, not "anonymous identities".

You seem to think that names of the form "Stan Tobias" and "Daniel Kahn
Gillmor" and "Werner Koch" are somehow more "real" names than
"adrelanos". You also seem to think that people's identities are
immutable over time. I'm not sure i believe either tenet is universally
true. That's fine, and i'm not trying to convince you otherwise --
that's why it's good that we each get to have our own certification
policies!

Some people believe that names like "Daniel Kahn Gillmor" are more
"real" because of their government endorsement (e.g. via
difficult-to-forge identity papers). I will grant that endorsement by a
government plays a significant role in my willingness to accept that a
person holds a given identity. However, I am unwilling to constrain my
beliefs about identity to only cover government statements. Some people
have deeply-held identities that their government refuses to certify,
and some governments are quite willing to issue fraudulent identity
papers under a variety of circumstances. So i prefer to reserve the
right to use my own judgement, and to be able to rely on other
information besides government endorsement as well.

But let's bring this discussion back out of the metaphysical territory
of "what is the true nature of identity". In response to adrelanos'
question, I tried to give an example of what sort of
non-government-issued evidence a cautious and open-minded individual
might consider. What evidence are you willing to consider to establish
belief in someone's identity?

all the best,

--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130407/c148cc3c/attachment.sig>
mirimir
2013-04-07 16:59:14 UTC
Permalink
On 04/07/2013 02:19 PM, Daniel Kahn Gillmor wrote:

<snip>
Post by Daniel Kahn Gillmor
But let's bring this discussion back out of the metaphysical
territory of "what is the true nature of identity". In response
to adrelanos' question, I tried to give an example of what sort of
non-government-issued evidence a cautious and open-minded
individual might consider. What evidence are you willing to
consider to establish belief in someone's identity?
Perhaps it's misleading to focus on the pseudonym "adrelanos". For me,
what's important is knowing that all Whonix releases come from the
same source (person, collective, etc).

Having an email address associated with the whonix-signing key
provides some assurance that support requests and bug reports are
going to the right place. It's also useful to know that the adrelanos
on this list is the Whonix signer at adrelanos at riseup.net with gnupg
key fingerprint "9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF".

Over time, with ongoing peer review, "Whonix signer" aka adrelanos
develops a reputation for releasing useful and malware-free software,
for promptly patching all reported vulnerabilities, and so on. If
malware were found in Whonix, the reputation would diminish.

Peer-verified reputation is crucial in many contexts, especially where
government-issued identification is unworkable. Even so, that's not
enough, because most participants lack the necessary information and
expertise.

Also, reputation is not simply one-dimensional. If verifiable evidence
were presented linking Whonix/adrelanos to some organization or cause,
that might decrease adrelanos' reputation among some, and increase it
among others. Reputation is also multidimensional in other ways (e.g.,
expertise, financial integrity, on-time delivery and discretion).

Trusted third parties manage peer-verified reputation in particular
contexts. For example, Onionland marketplaces manage the reputations
of their sellers and buyers, whose accounts are linked to their gnupg
keys. There are also brokers that manage reputation more broadly.

Expecting gnupg to handle all that might be unrealistic. Multiple
trust parameters would be required, and consistent use in multiple
contexts would be difficult or impossible to enforce. But gnupg keys
can serve as the index for reputation data.
Stan Tobias
2013-04-14 15:53:17 UTC
Permalink
Post by Daniel Kahn Gillmor
Post by Stan Tobias
I'd be willing, too, to sign the Enemy's key, as long as its UID says
"Enemy" and not "Friend".
[...]
Post by Daniel Kahn Gillmor
If you want to make a statement about whether someone is your enemy or
your friend, an OpenPGP identity certification might not be the right
way to do it.
That was just a figure of speech on my part, to express that I wouldn't
have a problem signing anybody's key whatsoever, as long as I'm sure
the UID truthfully describes them. Any doubt is a reason not to sign.

[...]
Post by Daniel Kahn Gillmor
I think we're talking about pseudonyms, not "anonymous identities".
You seem to think that names of the form "Stan Tobias" and "Daniel Kahn
Gillmor" and "Werner Koch" are somehow more "real" names than
"adrelanos".
Not really. I wouldn't have a problem signing Lady Gaga's key, although
it's probably not what reads in her passport. It's a pseudonym, but
she's known by that. In fact, I don't distinguish between pseudonyms
and legal names - for me they're all names; what matters is whether someone
is known by that name.

Actually, it's about more than just being known by a name. Our public
names are not quite our own choice. "Lady Gaga" is an invented name,
but it will stick to her for a long time. "Artist Formerly known as
Prince" or whatever shape he now wants to to be identified by, is still
recognized by his old name "Prince", whether he or his editors like
it or not. If your group calls you by a nickname, it's often next
to impossible to have it changed. You may change your legal name,
but it's not without many consequences for you. A name becomes your
name when people call you by that name. It's the society that keeps our
names stable. Therefore public names can be considered good identifiers
(how good is another discussion).

In case of anonymous entities, like "adrelanos", I don't mean to say
they have no reason to protect their "brand" names: they might have
an ambition, a moral inclination etc. But I don't see any *external*
mechanism that would glue the name to the identity. The person behind
"adrelanos" may stop using this name when he merely gets bored, without
any consequences for himself. Just because he can. For this very reason
I don't consider an anonymous name a good identifier. Just as the colour
of the tie you're wearing today doesn't identify you well.
Post by Daniel Kahn Gillmor
You also seem to think that people's identities are
immutable over time.
Yes, that's my understanding:
http://en.wikipedia.org/wiki/Personal_identity_%28philosophy%29


[...]
Post by Daniel Kahn Gillmor
However, I am unwilling to constrain my
beliefs about identity to only cover government statements. Some people
have deeply-held identities that their government refuses to certify,
and some governments are quite willing to issue fraudulent identity
papers under a variety of circumstances. So i prefer to reserve the
right to use my own judgement, and to be able to rely on other
information besides government endorsement as well.
I'm happy to say I absolutely agree.
Post by Daniel Kahn Gillmor
In response to adrelanos'
question, I tried to give an example of what sort of
non-government-issued evidence a cautious and open-minded individual
might consider. What evidence are you willing to consider to establish
belief in someone's identity?
That's a really difficult question, and I'm afraid I don't have an
"always works" answer. I think asking a few people is better than
checking a document.

Another issue is what we use as identifiers. I've always felt a key uid
was very small and limited in information. In my perfect world the uid
would be... but that's another discussion.

Regards, Stan Tobias.

Jean-David Beyer
2013-04-05 18:16:22 UTC
Permalink
Post by Stan Tobias
The problem we're trying to solve here is how to ascertain originality
of a software development line, IOW how to authenticate it.
What I do is get my OS (a Linux distribution from Red Hat) on a DVD
directly from them. It contains, along with everything else, their
public key that I do not validate by any other means; I assume that it
is authentic. And they sign all the software they download to me from
their site. So unless a man in the middle, working for the Post Office
or UPS or FedEx (I forget which) substitutes DVDs ... . But as long as
Mr. Red and Ms. Hat can be trusted, I do not care if they are the two
individuals, a corporation, or what.

SO

* I am not protected from any black hats subversively working for Red Hat.

* I am not protected if their site is highjacked by black hats until
they discover it and correct it. But unless they also hijack the
computer not connected to the Internet (see below), this will not be enough.

* I am not protected if the DNS is damaged somewhere and when my update
software tries to get updates from Red Hat, some other site that has Red
Hat's private key signs whatever they choose to download to my machine.
I suppose bribery or physical violence might get that key faster than
exhaustive search... .

Probably the software Red Hat supplies is kept on a machine that is not
on the Internet and it is all signed on that machine. At which point,
the signed software is placed on an Internet-connected machine for
downloading (seems like a good idea to me).
Peter Lebbing
2013-04-05 20:27:31 UTC
Permalink
Post by Jean-David Beyer
Probably the software Red Hat supplies is kept on a machine that is not
on the Internet and it is all signed on that machine. At which point,
the signed software is placed on an Internet-connected machine for
downloading (seems like a good idea to me).
I have no idea how Red Hat does this, but it seems unlikely to me. It's
not connected to the internet, but signs the whole repository, and each
individual security update etcetera. Is there a guy who keeps going back
and forth with a USB stick between this terminal and another?

AFAIK, in Debian, individual maintainers sign the packages they maintain
from their own systems. Some might choose to do a complicated dance with
a USB stick, but I expect many to sign on a net-connected machine. And
then an automatic signature follows from the repository key when the
maintainer's signature matches.

Last time I said AFAIK on this list I was wrong, though.

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Jean-David Beyer
2013-04-05 20:42:24 UTC
Permalink
Post by Peter Lebbing
I have no idea how Red Hat does this, but it seems unlikely to me. It's
not connected to the internet, but signs the whole repository, and each
individual security update etcetera. Is there a guy who keeps going back
and forth with a USB stick between this terminal and another?
I do not know how they do it either. I assumed that each major release,
that for Red Hat occurs only about every 18 months, they do sign each
and every file in the repository. They probably have an automatic way to
do that. And then someone sneakernets it over to the Internet-connected
machines that do the downloads to the customers.

For updates, I assume they do that to each file that has been touched
and carry them over to the Internet-connected servers in a batch, say
once a day. But maybe they resign and carry over everything in the
repository to save the trouble of figuring out which have been touched
and which have not. The whole release fits on one DVD. Recall that for
Red Hat Enterprise Linux, with extremely few exceptions, they do not do
enhancements: those are delayed until the next major release up to 18
months later. They only do bug and security fixes (and that time-zone
file change). So once a day (or whenever the regression testing is
completed successfully) some clerk can do the carry over at some time,
presumably late at night.
Ryan Sawhill
2013-04-06 17:10:30 UTC
Permalink
I wouldn't have to work at Red Hat to find your imagining of all this
hilarious. No offense meant.

What makes the most sense: that all packages are built on a handful of
central build servers (individual maintainers building packages?
seriously?) on a private network and that as part of that automated build
process, the packages are signed. And then of course yes, some sort of
manual process to push packages out to publicly-accessible servers for
customers.

Also, for the record, you're wrong about "with extremely few exceptions,
they do not do enhancements: those are delayed until the next major release
up to 18 months later". Most packages will stay at the same upstream
version for the life of a RHEL major release, but feature-enhancements
still happen all the time with minor releases (every 6 months) and
sometimes even sooner. (Also, new major releases don't happen every 18
months.)
Post by Jean-David Beyer
Post by Peter Lebbing
I have no idea how Red Hat does this, but it seems unlikely to me. It's
not connected to the internet, but signs the whole repository, and each
individual security update etcetera. Is there a guy who keeps going back
and forth with a USB stick between this terminal and another?
I do not know how they do it either. I assumed that each major release,
that for Red Hat occurs only about every 18 months, they do sign each
and every file in the repository. They probably have an automatic way to
do that. And then someone sneakernets it over to the Internet-connected
machines that do the downloads to the customers.
For updates, I assume they do that to each file that has been touched
and carry them over to the Internet-connected servers in a batch, say
once a day. But maybe they resign and carry over everything in the
repository to save the trouble of figuring out which have been touched
and which have not. The whole release fits on one DVD. Recall that for
Red Hat Enterprise Linux, with extremely few exceptions, they do not do
enhancements: those are delayed until the next major release up to 18
months later. They only do bug and security fixes (and that time-zone
file change). So once a day (or whenever the regression testing is
completed successfully) some clerk can do the carry over at some time,
presumably late at night.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130406/8efc1e38/attachment.html>
Jean-David Beyer
2013-04-06 18:49:45 UTC
Permalink
Post by Ryan Sawhill
I wouldn't have to work at Red Hat to find your imagining of all this
hilarious. No offense meant.
I am not offended; just ignorant of some of the details of this.
Post by Ryan Sawhill
What makes the most sense: that all packages are built on a handful of
central build servers (individual maintainers building packages?
seriously?) on a private network and that as part of that automated
build process, the packages are signed. And then of course yes, some
sort of manual process to push packages out to publicly-accessible
servers for customers.
I guess we agree here. Perhaps not on the details. So that part must not
be hilarious, is it?
Post by Ryan Sawhill
Also, for the record, you're wrong about "with extremely few exceptions,
they do not do enhancements: those are delayed until the next major
release up to 18 months later". Most packages will stay at the same
upstream version for the life of a RHEL major release,
Right.
Post by Ryan Sawhill
but
feature-enhancements still happen all the time with minor releases
(every 6 months) and sometimes even sooner.
Well, the bug and security fixes can come out several times a day
(though that is not usual), and new RHEL kernels seem to be coming out
every month or so these days. But those are bug fixes and security
fixes. When I read their release notes on those things, they do not
describe enhancements on the kernel.

Similarly for things like postgresql, they may backport bug fixes but
they do not put in enhancements as far as I can tell.

Perhaps they enhanced Firefox, but that is not the usual thing. I notice
no enhancements for GnuCash that is quite a ways behind what other
distributions are using. They try to keep up with Java, but that is to
hope to keep up with the security failures in that.
Post by Ryan Sawhill
(Also, new major releases
don't happen every 18 months.)
I know major releases do not happen exactly every 18 month. IIRC, they
said that was their goal. I know it was over two years for one of them
to come out.
Peter Lebbing
2013-04-08 09:52:41 UTC
Permalink
(individual maintainers building packages? seriously?)
I think you misread a statement /I/ made. I said individual maintainers
in Debian sign packages. They do not sign built binaries, but rather the
source package. After that, an automated build system takes over.

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
adrelanos
2013-03-29 18:17:42 UTC
Permalink
Post by Forlasanto
Post by adrelanos
Post by Forlasanto
Forgive me for saying so, but for something as high-profile as a linux
distro, using a pseudonym for signing the distro for the sake of
anonymity doesn't sound like a great plan.
What's the alternative? Using my real identity? Does it make it any safer?
Using your real identity would be the alternative. The trade-off is
easier key signatures vs. identity obscurity.
It would only be safer in
the sense that there won't be a scandal when/if your identity is
uncovered.
Why would that be a scandal? I've never claimed to be superior, perfect
or acted otherwise arrogant about being super secure. Neither I claimed
Whonix to be an unbreakable system. The claims the system makes are
modest. Discovering me as high profile target (if I become that) would
only demonstrate the limits of the system, show mistakes one can make
and/or and show which improvements are waiting to get implemented.

If one system fails, another one may get born and I am glad if I can be
a part of this process of innovation.

I think things like NSAKEY [1] ought more to be a scandal, not many
people did care, did they?
Post by Forlasanto
Odds are, it won't be a big deal to many people,
realistically--but you never know what the future holds, right?
Yes.
Post by Forlasanto
As long
as you are comfortable with any possible future implications, then go
for it.
Post by adrelanos
I am more interested in development and documentation rather than
building binaries, testing and uploading. Having deterministic builds
and/or some creditable individual or organization (such as eff) creating
binaries, signing an distributing more than welcome, but at the moment
there is no implication that someone will step forward.
The web of trust is simply a conventional way for people to judge how
trustworthy your key is. Nothing more, nothing less. If you can
establish that trust some other way, then don't worry so much about the
web of trust. That's my opinion. No one is going to beat down your door
to sign your key, you'll have to ask them to do so. You can go to
key-signing parties and explain that your only purpose for the key is
signing the distro, and you'll probably get a few takers. The
alternative is, have an online keysigning party with all of the
developers of your distro, and everybody signs everyone else's key.
Or alternately you, as the distro manager, sign the keys of all your
lieutenants, and then they sign yours, plus all of their subordinates.
Then your key signatures would match your chain of command, and it would
actually work the way a web of trust is supposed to work. (that is, even
though you might not know their subordinates, you trust your
lieutenant's signatures, and therefore can consider their subordinates'
keys to be valid.) At that point, as far as the outside world is
concerned, you are deeply connected to the project, and it is reasonable
to trust that your key is valid, within it's context. And /within/ the
distro's community, your key would be pretty solidly trusted, I'd say.
Thanks for the suggestions. At the moment this won't work for my case,
there is just one maintainer (me) and users. The other creators remained
anonymous as well and lack time.

[1] https://en.wikipedia.org/wiki/NSAKEY
Paul R. Ramer
2013-03-29 20:21:17 UTC
Permalink
Post by adrelanos
Post by Forlasanto
Using your real identity would be the alternative. The trade-off is
easier key signatures vs. identity obscurity.
It would only be safer in
the sense that there won't be a scandal when/if your identity is
uncovered.
Why would that be a scandal? I've never claimed to be superior, perfect
or acted otherwise arrogant about being super secure. Neither I claimed
Whonix to be an unbreakable system. The claims the system makes are
modest. Discovering me as high profile target (if I become that) would
only demonstrate the limits of the system, show mistakes one can make
and/or and show which improvements are waiting to get implemented.
If one system fails, another one may get born and I am glad if I can be
a part of this process of innovation.
I think things like NSAKEY [1] ought more to be a scandal, not many
people did care, did they?
A scandal is unlikely unless the people have wildly unrealistic
expectations in the performance of the victim. The only way I could see
you having a scandal on your hands if your identity was revealed would
be if you made claims that it couldn't be discovered or your "followers"
looked up to you in some religious way and saw you as a kind of God-like
figure incapable of failure.

This is the kind of stuff that brings scandal in the minds of people who
look up to certain figures. I doubt this applies to you.

Cheers,


--Paul

--
PGP ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884
Forlasanto
2013-03-30 00:15:51 UTC
Permalink
Post by Paul R. Ramer
A scandal is unlikely unless the people have wildly unrealistic
expectations in the performance of the victim. The only way I could
see you having a scandal on your hands if your identity was revealed
would be if you made claims that it couldn't be discovered or your
"followers" looked up to you in some religious way and saw you as a
kind of God-like figure incapable of failure. This is the kind of
stuff that brings scandal in the minds of people who look up to
certain figures. I doubt this applies to you. Cheers, --Paul -- PGP
ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6
6ADF 3DB6 D884
Ok, I retract the word "scandal." I suppose the distro would have to
garner a very large amount of attention and some wild assertions made
before a "scandal" would be possible. It was just a thought that popped
into my head. :)
adrelanos
2013-03-29 18:23:55 UTC
Permalink
Post by Peter Lebbing
Post by Leo Gaspard
until a lot of people verify and sign your public key.
People might be more inclined to sign the key when it says something like
adrelanos (Whonix signing key) <adrelanos at riseup dot net>
Yes, that a good suggestion worth to try and simple to do for my next
gpg key (update).
David Chadwick
2013-03-26 22:49:13 UTC
Permalink
Its pretty much impossible to distinguish a nation-state's covert agency
personnel who are masquerading as someone else from the real someone
else. In the UK we have recently had examples of undercover agents
infiltrating animal rights groups or similar as activists, forming deep
emotional relationships with female members, moving in with them, having
children with them, and then years later, after the group has been
smashed, disappearing from the scene. One such lady victim saw the
picture of a policeman years later (I think in a newspaper) and
recognised him as the father of her child, which is when the scam was
blown open. So in short, these agencies do not find it difficult to do
anything that they need or want to do

regards

David
Post by Johnicholas Hines
The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need
to do something that the agency would find difficult to do.
Getting your name and key into difficult-to-corrupt archives will start
a timer - eventually you can point to the archives as evidence that you
are not a newcomer. Even an agency would find it difficult to change
history.
Spending money or effort forces a covert agency to also spend money or
effort to replicate your behavior. For example, if you sent someone a
bitcoin, they would have to spend some dollars to establish themselves
as comparably credible. Unfortunately, they have deep pockets. Effort
might be preferable to money, since leaves more ways that a covert
agency might make a mistake, behaving in some characteristic way (e.g.
some sort of automatic authorship attribution software might become
available that revealed them to be a team rather than an individual).
Steady effort at releasing patches over a decade might be moderately
credible.
Johnicholas
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
adrelanos
2013-03-29 18:19:29 UTC
Permalink
Post by Johnicholas Hines
The question is how to distinguish yourself from a nation-state's covert
agency purporting to be an individual interested in anonymity; you need to
do something that the agency would find difficult to do.
I don't think that's possible at all.
Post by Johnicholas Hines
Getting your name and key into difficult-to-corrupt archives will start a
timer - eventually you can point to the archives as evidence that you are
not a newcomer. Even an agency would find it difficult to change history.
What are difficult-to-corrupt archives?

<snip>
Nomen Nescio
2013-03-29 01:51:39 UTC
Permalink
There is a related issue. Assume you are a tor user. Go to
irc.oftc.net, channel #tor. This is where tor users hang out.

There you will find some person on there called "arma." This is one of
the main authors for Tor.

But is he? Are you really on some MITM attack IRC server with all fake
bots? Is someone else pretending to be him? He does appear to be
logged on via an mit.edu ip...

You can't know. All you can find out if the same person signing the
code releases is in possession of the same secret key as the person on
the IRC. You can ask him to sign some snippit of text to verify he is
in possession of the secret key used to sign the tor source code. That
is it. Is that Roger Dingledine? Who knows.

But from a user's perspective I don't know if I care. In this case,
that person signing code = person I am talking to is probably enough
for me to get support for the product. (Assuming I am using the same
Tor everyone else is).

Although moneysphere is supposed to protect you from people creating
new certs for your site, what if your signed cert is stolen and your
dns changed? Using a smart card, it is probably easier to feel assured
your secret key is secure, rather a cert on a server. So with monkey
sphere you are signing these server certificates, getting one more
layer of protection, that site=key=code.

As to whether you are some covert agent, you probably are and don't
know it.
Continue reading on narkive:
Loading...