[Cryptography] People vs AI

iang iang at iang.org
Thu Mar 13 04:14:53 EDT 2025 

On 12/03/2025 22:47, Bill Stewart wrote:
> On 3/12/2025 11:34 AM, Jon Callas wrote:
>>> On Mar 12, 2025, at 00:06, Marek Tichy <marek at gn.apc.org> wrote:
>>> Have we lost the web-of-trust track here? If Bob who I know in person tells me that Alice is a person then I have very good reasons to believe that Alice is a person, even though I never met her.
>> Do you?
>>
>> There seems to be an assumption in here that a person would neither lie nor be mistaken about it. I have long comments, but a short one here is how you'd handle a pseudonym. How does a person who wants to have a pseudonym and be known by that demonstrate they're a person?
>>
>> Personally, I think the web-of-trust is problematic in many ways, one of the primary ones being the issue I bring up in the previous paragraph. How does someone who has a pseudonym get verified?
> IIRC it was Phil Zimmermann who referred to one problem with WoT being
> his friend who he could trust personally but who had terrible judgement.
> That was back when the threat model wasn't "are they a human?",
> but usually "are they a cop/spy/provocateur?" as well as
> "are they really That Person or an imposter?"


Which brings up why imho the web of trust failed - nobody was really 
sure what it was that was being signed. This word trust seemed to cover 
too many bases.


> I've signed keys for both Lucky Green and Black Unicorn, having met them
> in person and decided that they were _probably_ the people who used
> those names online. (For Lucky, I'd say 100%; Unicorn maybe 95% :-)


There's a couple of names I've not heard for a while :)

This model is what I'd call the American school - that signing as a nym 
was totally acceptable because that's who you were - that nym. On the 
other side of the pond, they ran signing parties where everyone would 
line up in two lines and show their passport to the other side, plus the 
details. That European model was about proving your government ID.

They weren't contradictory as much as information free - there wasn't 
any emergent protocol that distinguished which was which. So trust 
didn't work, because nobody know what the signing statement actually stated.

As an anecodote, Black Unicorn, being on the American nymous side, got 
outed at the Ecliptic Curve cruise in '98 in Anguilla, because the boat 
required everyone to present their passports for recording. Probably as 
we were cruising past a half dozen island states to get to the eclipse 
off Montserrat. *Someone* was cunning enough to check the boarding 
manifest and find the one name that nobody knew...

Perhaps the nymous use case is more of a cypherpunk fanstasy? Even more 
so today when there is so much extra information available; could one 
realistically hide behind a nym for any significant value? Or is it just 
a movie plot?

iang

More information about the cryptography mailing list