[lazide]

I already addressed that situation.

In this situation, ownership of the private key is proof you could have written the message (and no one else could have, unless the key was compromised).

Which from the point of de-anonymizing yourself intentionally is more than good enough.

If you copy and pasted the original from someone else, that doesn’t matter in this situation no? You still ‘reposted’ it as your own.

Since the scenario is someone going after the authors of a post. Or someone who posted showing they were the ones who did the post.

Any timestamps would be provided by the forum the posts are in.

[lxgr]

> If you copy and pasted the original from someone else, that doesn’t matter in this situation no? You still ‘reposted’ it as your own. [...] Any timestamps would be provided by the forum the posts are in.

Oh, you're assuming all of this in the context of an authenticated/tamper-proof communications platform with trustworthy timestamping?

Sure, then your scheme works, but it'd be little more than cargo culting: You don't need any signature scheme at all if you trust the messaging platform :) And vice versa, if you don't, you can't trust it to not tamper with the original "key establishment" message either.

[lazide]

I’m not sure why you seem to be getting wrapped around the axle here.

There is zero need for a ‘key establishment’ message here. The platform has zero need to, or reason to even be aware of the existence of these keys. all it needs frankly, besides a simple WORM style ‘post that has a timestamp’ (with encoded signature + one time use pubkey embedded of course, which can be done compactly and in Base64)..

The only ‘trust’ of the platform required would be that they aren’t tampering with timestamps or arbitrarily changing contents - and even then, the actual impact is quite limited correct? Since it would detect tampering of message contents, and timestamp changes are of dubious impact in most of these scenarios. At most someone could post the same thing as you (or similar) but under a different key - which no one could prove was you and would be anonymous. If there was someone you wanted to be able to verify it was from you, you could easily do so while remaining anonymous to everyone else.

Usenet, HN, IRC, Twitter/X, or frankly any of a number of basic web forums would be fine. Accounts could be disposable, and probably should be to.

That’s the whole point.

None of this needs, or would really benefit from, specialized infrastructure besides some client side scripts that could easily just do cut/paste style interactions of messages to/from whatever medium was being used. I’d bet $20 this could even be implemented using GPG with some scripting.

Unclear why anyone would care while we have major celebrities bleating out the color of their poop and their latest political crimes for all the world to hear though.

[lxgr]

My point is that using digital signatures in that type of pseudonymous/anonymous forums probably achieves less than you think it does, but maybe I'm not clear on what that actually is.

The only benefit I see of publishing a public key there is giving other readers an out-of-band way to privately communicate with you, or yourself a way to establish continuity of your pseudonymous identity on other platforms. You'd never use it to sign anything you post on that platform itself, though, as that wouldn't serve any purpose.

If that's what you mean, I think I agree :)