Signing a Key

David Shaw dshaw at jabberwocky.com
Sat Feb 5 02:46:05 CET 2005


On Fri, Feb 04, 2005 at 06:51:31PM -0500, Jason Harris wrote:
> On Fri, Feb 04, 2005 at 03:48:31PM -0500, David Shaw wrote:
> > On Fri, Feb 04, 2005 at 02:57:08PM -0500, Jason Harris wrote:
> > > On Fri, Feb 04, 2005 at 01:39:05PM -0500, David Shaw wrote:
> 
> > > > Some people decided that since a level 1 "I didn't check at all"
> > > > signature type was available, that it was a Real Good Idea to sign
> > > > every single key they saw.
> > > 
> > > In the 2005-01-23 keyanalyze keydump, there are 2896 0x11 (userid cert.)
> > > sigs. from 589 issuers (unique long keyids).  296 issuers (50%) only
> > > issued one 0x11 sig. and 560 (95%) issued less than ten 0x11 sigs.
> > > 0x10581685C521097E (Kyle's RobotCA instance) is responsible for 592
> > > such sigs, or 20%, 0x6EA7FB4DE0BB4BCD (telering.at's RobotCA instance)
> > > issued 217, or 7.5%, and 0x25360A719C851DF1 (ImperialViolet) issued 127.
> > > Only two individuals issued more 0x11 sigs than my 40.
> > 
> > I'm afraid I don't see the point you're trying to make.
> 
> Looking at the stats, the number of people issuing 0x11 signatures
> doesn't seem worrisome, and having issued 40 such sigs myself, there
> are only two individuals I'd question about issuing even more
> (specifically, 69 and 52) 0x11 signatures.
> 
> Furthermore, since the RFC allows one to explicitly assert (quoting
> draft-ietf-openpgp-rfc2440bis-12.txt):

[ snip RFC quoting ]

> I feel everyone should be given the opportunity to do so.  Per the RFC,
> 0x11 sigs don't even require email verification, so I see no harm in
> allowing one to state "I checked nothing" v. "I won't tell you what I
> did and/or didn't check."  Even requiring a policy URL or other
> explanation/justification for each signature won't allow us to determine
> the _highly subjective_ nature of one's signature levels in any automated
> way, by definition in the RFC:

[ snip more RFC quoting ]

> so we may as well resign ourselves to this fact.

Facts are interesting things.  The RFC doesn't specify a trust model
anywhere.  Thus, all programs accept a 0x11 (or 0x10, 0x12 or 0x13)
signature... but treat them all the same.  Perfectly compliant with the
RFC.

0x11 signatures are also interesting things.  When made by people (as
opposed to robots) they are in effect someone making a public
statement to say "Hey, look, I made a lousy signature".  I can't
imagine why someone would choose to advertise far and wide how
terrible their signing policy is, but GnuPG allows people to do stupid
things if they really want to.

GnuPG will quite happily make 0x11 signatures.  It just doesn't do so
by default.  Those people who want to make typed signatures can set
--ask-cert-level and then everyone is happy.

Similarly, by default GnuPG ignores 0x11 signatures.  Like issuing
them, this doesn't stop anyone from accepting 0x11 signatures.  Any
user who cares to can opt-in via "--min-cert-level 1" and accept any
signatures they like.  Given that the whole point of an 0x11 signature
is to say "I didn't check AT ALL", ignoring them by default is safer
than accepting them.

To put this another way, the RFC allows a sender to send foolish
things.  It does not require the recipient to accept them.

> (Thus, GPG's --min-cert-level probably needs to be settable per signer -
> after reviewing the signer's policies - to account for these differences.)

Your own statistics argue against this.  589 people in the entire
OpenPGP world actually issued 0x11 signatures.  Just 293 people issued
more than one.  Given the number of people using OpenPGP, 293 people
is a rounding error.  That's not worth having a whole new trust model
for, especially given that it would carry the serious security
ramifications of 0x11 signatures, be vastly more confusing to new
users, and be incompatible with PGP to boot.

David
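Added illustration, not code from this thread or from GnuPG: a small Python walker over OpenPGP packets that pulls out the certification signature type octet (0x10 through 0x13, as laid out in RFC 4880 v3/v4 signature packets) and applies the --min-cert-level rule the way the GnuPG manual documents it (certifications below the threshold are ignored, except that level 0 / 0x10 is always accepted; default threshold 2). The sample packets are constructed inline with dummy MPIs and a dummy key ID, so they parse but are not verifiable signatures; the helper names are my own.

```python
"""Walk OpenPGP packets, report certification types, apply --min-cert-level.

Assumptions (not from the original post): packet framing per RFC 4880
section 4.2, signature layout per section 5.2, and GnuPG's documented rule
that level 0 (0x10) certifications are always accepted while levels below
--min-cert-level (default 2) are ignored.
"""
import struct

CERT_TYPES = {0x10: "generic (no particular claim)",
              0x11: "persona (no check at all)",
              0x12: "casual check",
              0x13: "positive (substantial check)"}


def _parse_header(buf, pos):
    """Return (tag, body_start, body_length) for the packet at buf[pos]."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                      # new-format header
        tag, b1 = ctb & 0x3F, buf[pos + 1]
        if b1 < 192:
            return tag, pos + 2, b1
        if b1 < 224:
            return tag, pos + 3, ((b1 - 192) << 8) + buf[pos + 2] + 192
        if b1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not supported")


def signature_types(buf):
    """Return the signature type octet of every signature packet (tag 2)."""
    pos, found = 0, []
    while pos < len(buf):
        tag, start, length = _parse_header(buf, pos)
        body = buf[start:start + length]
        if tag == 2:
            version = body[0]
            if version == 3:            # v3: version, 5, sigtype, ...
                found.append(body[2])
            elif version == 4:          # v4: version, sigtype, ...
                found.append(body[1])
            else:
                raise ValueError(f"unsupported signature version {version}")
        pos = start + length
    return found


def accepts_certification(sig_type, min_cert_level=2):
    """GnuPG's --min-cert-level rule: level 0 always counts, otherwise the
    certification counts only if its level reaches the threshold."""
    if sig_type not in CERT_TYPES:
        raise ValueError(f"not a certification signature: {sig_type:#x}")
    level = sig_type - 0x10
    return level == 0 or level >= min_cert_level


def evaluate(buf, min_cert_level=2):
    """Pair each certification in buf with the accept/ignore decision."""
    return [(t, accepts_certification(t, min_cert_level))
            for t in signature_types(buf)]


# --- constructed sample packets (dummy MPIs; these are not real signatures) ---
def _new_packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body          # one-octet length

def _old_packet(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body   # length-type 0

def _v4_sig_body(sig_type):
    # version 4, type, RSA (1), SHA-256 (8), no subpackets, hash prefix, 1-bit MPI
    return bytes([4, sig_type, 1, 8]) + b"\x00\x00\x00\x00\xab\xcd\x00\x01\x01"

def _v3_sig_body(sig_type):
    # version 3, hashed length 5, type, time, 8-byte key ID, RSA, SHA-1, prefix, MPI
    return (bytes([3, 5, sig_type]) + b"\x00\x00\x00\x00" + b"\x11" * 8
            + bytes([1, 2]) + b"\xab\xcd\x00\x01\x01")

SAMPLE = b"".join([
    _new_packet(2, _v4_sig_body(0x10)),
    _new_packet(13, b"Alice <alice@example.org>"),   # user ID packet, skipped
    _new_packet(2, _v4_sig_body(0x11)),
    _new_packet(2, _v4_sig_body(0x12)),
    _new_packet(2, _v4_sig_body(0x13)),
    _old_packet(2, _v3_sig_body(0x11)),             # old-format framing, v3 sig
])

if __name__ == "__main__":
    for level in (2, 1):
        print(f"--min-cert-level {level}:")
        for sig_type, ok in evaluate(SAMPLE, level):
            verdict = "accepted" if ok else "ignored"
            print(f"  {sig_type:#04x} {CERT_TYPES[sig_type]:<32} {verdict}")
```

With the default threshold the two 0x11 packets are ignored and the rest count; with `--min-cert-level 1` every certification counts, which is the opt-in the message describes.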



More information about the Gnupg-users mailing list