hashed user IDs [was: Re: Security of the gpg private keyring?]
expires2011 at ymail.com
Sat Mar 12 22:23:08 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 12 March 2011 at 8:22:06 PM, in
<mid:4D7BD5EE.80301 at sixdemonbag.org>, Robert J. Hansen wrote:
> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.
> Yes, in fact, they do.
> In my past, there's an ex-CEO whom I'll just call
> "Ben." Ben made some really astonishingly bad
> decisions that put him in prison for eighteen months,
> and left me with a permanent distrust for him. If I
> see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?
> Of course not.
Presumably GnuPG factors this into the trust calculations by virtue of
the trust level you have assigned to Ben's key, not by parsing his
> Trust is not transitive. If A trusts B and B trusts C,
> there is no requirement that A trusts C.
In real life, true. But what about the GnuPG default of trusting a key
that carries certifications from 1 fully trusted or 3 marginally
trusted keys. Unless you manually inspect each trust path, how would
you spot unknown keys from past real-life associates you distrusted?
> In fact, if
> it turns out A knows C, transitivity can break
Indeed, if you know that a certificate belongs to somebody you
actually know, trust *calculations* are irrelevant. Of course you
might trust somebody's security procedures and keysigning policy but
wish to keep your valuables or your wife well away from him.
MFPA mailto:expires2011 at ymail.com
A picture is a poem without words
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users