On 11/06/2006 05:58 PM somebody named Carlos E. R. wrote:
The Monday 2006-11-06 at 07:27 -0500, ken wrote:
On 11/05/2006 10:35 PM somebody named Carlos E. R. wrote:
....
If you change to a new email account and want to prove to me that you are the same person, all you have to do is send me an email using your current key.
Actually, you can add the new identity to the old key, upload it again to a key server, and continue using the same key. The same key can have several ids.
This is true and good to point out. However, it's not required and might not always be desirable. It might be preferable to keep one's identities distinct and separate except to select friends.
....
Now the terms "local" and "non-local" (global?) don't describe very well this usage. Nor do the given "levels of trust". Given the above purposes, there's no question as to *how much* I trust the signature, but rather *what* I trust. The local-global dichotomy doesn't address this manner of trusting, what I would refer to as "personal" or "identical" trusting. That is, I don't know your date of birth, street address, phone number, or even if Carlos E. R. is your true name, but I don't care about those. (Except for your date of birth, all these details about you could be legally changed anyway.) The only trust issue here is personal (and I'm using "person" here in its original, most fundamental sense, from the Latin "per-sonare", to sound through (a mask), what an actor in a drama did/does), one of the identity of the one who may wear different "masks". To trust any communication where the identity of the person we are communicating with is critical, this manner of trusting is critical, regardless of whether we call it global or local.
Right again.
Local signing is just a safeguard, so that I don't upload them accidentally and others import it. Each person might use it for different purposes, but the idea is to only sign globally or publicly when we can certify the identity of that person somewhat. That's how I understand it, at least.
Perhaps my point got lost in the too much explication I posted. It is that the notion of "levels of trust" implies that keys have a range of qualities, e.g., moderate, full, ultimate, unrelated to whether they are, e.g., 1024-bit or 2048-bit. What, then, do the levels of trust mean and how can we assign a value to a new key on our ring(s)? The scalars, whether numeric or linguistic, don't correspond to anything in experience... abstractions I just don't see too much use for. More useful would be, for example, the ability to designate the name as "alleged" (as in "the person with this email address says his name is Jorge") vs. "verified" (as in "I checked his official picture ID and the name is what he says"). One such Boolean, but experientially concrete selection would be far more meaningful than an abstract scale with lots of choices. -- "It is not knowable how long that conflict would last, it could last, you know, six days, six weeks. I doubt six months." --Secretary of Defense Donald Rumsfeld, 2/7/03