Re: [CFRG] please use real names (was: Re: Small subgroup question for draft-irtf-cfrg-hash-to-curve)

Mike Hamburg <mike@shiftleft.org> Sun, 11 April 2021 16:00 UTC

Return-Path: <mike@shiftleft.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 880263A1241 for <cfrg@ietfa.amsl.com>; Sun, 11 Apr 2021 09:00:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.305
X-Spam-Level:
X-Spam-Status: No, score=-1.305 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=shiftleft.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IDfJU29IRVPO for <cfrg@ietfa.amsl.com>; Sun, 11 Apr 2021 09:00:40 -0700 (PDT)
Received: from doomsayer.shiftleft.org (unknown [54.219.126.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3ADC13A122E for <cfrg@irtf.org>; Sun, 11 Apr 2021 09:00:36 -0700 (PDT)
Received: from [192.168.7.53] (unknown [198.207.18.242]) (Authenticated sender: mike) by doomsayer.shiftleft.org (Postfix) with ESMTPSA id 47F24BB80C; Sun, 11 Apr 2021 16:00:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shiftleft.org; s=sldo; t=1618156834; bh=uXQ8f+E9Gr2gIsowm1Np1aJXNQ/PJHTynIVP9RsDckc=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=FZ5rvj0Urb3jQJ9TJItkjwnWOyrSumNoeFqEyuAPUi7XX8m2c268XOBgV0qyTEab+ 5htAiKfF6PQG6DiKkXAyvHx2K8u0YAqm95j/q+VpyHfTTzOywamCV5GVsJPbMhxE+a S9769YbqZPZgfC7gqD5F41zruQAD1Gt8124XMKKY=
From: Mike Hamburg <mike@shiftleft.org>
Message-Id: <81859339-8B95-492E-88B7-746836F78E0D@shiftleft.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CA5CADA7-520E-496A-B817-995AFAD4C0CB"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Sun, 11 Apr 2021 13:00:29 -0300
In-Reply-To: <CAOvwWh3iYwUxMw57165P7QOS-NgKfi90Tbsqz_r2U02-5se3kA@mail.gmail.com>
Cc: Squeamish Ossifrage <squeamishossifrage.se@protonmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
To: Soatok Dreamseeker <soatok.dhole@gmail.com>
References: <5kNv_5tUGSftaikmVD_WOJNEXwJjdLV07YODBNFunXGvBKKTOJ2ytxrCKgsj9OgNK3fB_ofUTv7pYbKO-akAqXmhszP0-eYfzj8B6lCRuwg=@protonmail.com> <CAOvwWh2V6ds67BxzQjakXpsuFuJhhg-GOuiDfY5rqubqZVM0Fg@mail.gmail.com> <B007B163-3A5F-43E3-AD2A-81500BF8CB58@shiftleft.org> <CAOvwWh3iYwUxMw57165P7QOS-NgKfi90Tbsqz_r2U02-5se3kA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/bGPdUAbGwpj8foOtr9CtbQj-y7Y>
Subject: Re: [CFRG] please use real names (was: Re: Small subgroup question for draft-irtf-cfrg-hash-to-curve)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Apr 2021 16:00:45 -0000


> On Apr 11, 2021, at 12:36 PM, Soatok Dreamseeker <soatok.dhole@gmail.com> wrote:
> Your proposal is reasonable.
> 
> Frankly, I was surprised to hear these arguments take place on a
> cryptography forum, where anonymity experts are more plentiful than in
> a random sample of the rest of the Internet.
> 
> Briefly: The risk of anonymity towards misbehavior is not because of
> anonymity itself, but the removal of social consequences. As you
> touched upon, long-term pseudonyms are preferable in forums where
> reputation matters to one-time or short-lived pseudonyms.
> 
> Most of the participants on this forum do not know who Soatok is in
> the government's perspective, nor would you be expected to care about
> that. However, I do blog as Soatok, and my blog touches on
> cryptography a lot. Additionally, I have open source cryptography
> libraries (primarily written JS and PHP) on Github under this name.
> You could say that my long-term pseudonym has "skin in the game".
> 
> Thus, my proposal is simply to include a preference for long-term
> pseudonyms over short-term pseudonyms within the "strong suggestion"
> that Mike proposed.

Yeah, preferring long-term pseudonyms over short-term definitely makes
sense.  And while I don’t pretend to be an arbiter of pseudonyms, Soatok
has indeed published quite a bit under that name, and I don’t mean to
demand that they out themselves.

Also “real name” doesn’t necessarily mean “government name” anyway,
unless you really really need it to for some legal reason, which I’m pretty
sure we don't.  Requiring that Moxie Marlinspike post as “Matthew
Rosenfeld” seems plainly counterproductive.

— Mike