laying groundwork for an eventual migration away from SHA1 with gpg
dshaw at jabberwocky.com
Thu May 21 16:27:41 CEST 2009
On May 21, 2009, at 6:32 AM, Nicholas Cole wrote:
> On Thu, May 14, 2009 at 2:46 PM, Micah Anderson <micah at riseup.net>
>> David Shaw <dshaw at jabberwocky.com> writes:
>>> I don't mean there are faster/easier/cheaper ways of doing this
>>> mathematically. I mean boring old subterfuge like going to a
>>> keysigning party with a fake ID, claiming to be someone else. I
>>> get a
>>> bunch of signatures, and I'm done. It skips the whole difficult
>>> I'm all for strong crypto protection against impersonation, but when
>>> there is a non-crypto impersonation attack that has essentially the
>>> same end result as a crypto impersonation attack, and the non-crypto
>>> variant of the attack is vastly cheaper, faster, and easier than the
>>> crypto attack, I do start to wonder what the point is of putting a
>>> strong crypto defense against the crypto attack.
> I've never quite understood "Key Signing Parties" for this reason. It
> seems to me that OpenPGP and its web of trust provide an excellent way
> to represent technically and securely trust relationships that already
> exist. You can't use OpenPGP to create trust that doesn't exist
> outside the system.
Key signing parties can't really create trust relationships, but
they're not intended to. Key signing parties are for proving
identity. Opinions may vary whether they do that well enough, but the
intent is just to make a strong binding between a human being and a
key. Whether people then choose to trust signatures from that key is
up to them.
Mind you, I don't think that people at key signing parties verify
identity particularly well either, but at least identity is a more
tractable problem than trust.
There is a built-in assumption in the classic web of trust that some
identity verifiers are better than others. See the "full" and
"marginal" ownertrust settings, for example, and there are tunable
options as to how many "full" signatures or "marginal" signatures are
needed to establish identity for the user.
More information about the Gnupg-devel