Robot CA at toehold.com

Jason Harris jharris@widomaker.com
Thu Dec 5 21:34:01 2002




[multi-reply]

On Thu, Dec 05, 2002 at 11:30:13AM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 11:13:27AM -0500, David Shaw wrote:

> >Note also that OpenPGP defines multiple signature verification
> >levels.  I've argued in the past, and continue to argue now that any
> >automated signer should use 0x11 "persona" signatures as a hint that
> >this is an unusual signature.
>
> I made this an option in the robot's config file.  Mine makes normal
> signatures right now only because I couldn't decide on 1 or 2.  I agree
> that this would be a good way to flag it as an unusual signature.

2 (0x12) isn't the proper option, as this thread shows:

  http://lists.gnupg.org/pipermail/gnupg-users/2002-October/015653.htm


On Thu, Dec 05, 2002 at 11:43:12AM -0600, Kyle Hasselbacher wrote:
> On Thu, Dec 05, 2002 at 10:54:47AM -0500, Jason Harris wrote:

> >Does anyone else want to see the signatures from this CA be 0x11/persona
> >signatures (besides me)?
>
> Yes.  I didn't do it because I was put off by GnuPG's "I have done no
> verification" description.  It does SOME verification, just not a lot.
> Since I'm seeing multiple people suggest this, I'll probably do it this way
> in the near future.

It has confused others as well...


On Thu, Dec 05, 2002 at 08:03:57PM +0100, Michael Nahrath wrote:
> Kyle Hasselbacher <kyle-list-gpguser@toehold.com> wrote on 2002-12-05 at
> 18:43:

> > Since I'm seeing multiple people suggest this, I'll probably do it this way
> > in the near future.
>
> Rather hurry to set up your policy!
>
> Signings your bot gives today can't easily be redone tomorrow.

Indeed, but the "damage" is probably already done.  Such signatures
can be revoked, however (as long as the private key remains usable).

Anyway, it will be interesting to see how signatures from this CA affect
future keyanalyze reports.  (Anyone want to see the signature lists now?)

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/
