Semi-automated trust, policy (was: Robot CA...)

Michael Nahrath
Fri Dec 6 22:48:02 2002

Kyle Hasselbacher <> wrote on 2002-12-06 at 20:39:

> Back to the robot, if people have keys signed by it, then there's a mapping
> between a key and an email address.  Then the email address can be an
> easier "fingerprint" for a user.

If you promoted it like this, I'd see your service as a danger for

Being only a small reseller of webspace myself, I can easily figure out ways
to be the 'man in the middle' against my users.
I create a key for their addresses, I have it signed by the robot. They will
never know that there exists a key in their name (if they aren't interested
in cryptography on their own).
I get all their mail first, decrypt it, read it, maybe change it and then
pass it on to them - unencrypted, as they expect e-mail.

Feeling safe because everything is encrypted, the other side will tell
details it would not in unencrypted mail.

> Granny can tell me her email address in
> person, but she can't remember (or even figure out) her fingerprint.

So she should rather have it printed on the back of her business card.

> If I
> look up keys with that email address and find one that's robot-verified, I
> may feel confident enough to sign it myself based on that.

If you do silly things like this, the whole system of signing in person gets


Even if my key had a signature from each regular of this list, you should not
sign my key if you have not personally checked that I am I.
You _may_ set the value of 'trust' to 'f' for their keys in your personal
installation and if you have a strong trust path to one of them you will
have it to me as well by doing this.

I just typed "gpg --edit-key 2A94C484   trust   2   q".

| Please decide how far you trust this user to correctly
| verify other users' keys (by looking at passports,
| checking fingerprints from different sources...)?
| 1 = I don't know
| 2 = I do NOT trust

Just in case you really mean what you wrote.

> A business that
> has checked my ID and asked me my email address could do the same thing.


Greeting, Michi
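
Added example, not part of the original post: a simplified Python model of the web-of-trust validity calculation, showing how the owner-trust value assigned to a robot signer decides whether a key it certified for a mailbox becomes valid. The key names and signature graph are constructed, and the thresholds assume GnuPG's defaults of one fully trusted or three marginally trusted signers.

```python
# Simplified model of the classic web-of-trust validity calculation.
# Key names and the signature graph below are constructed for illustration.
FULL, MARGINAL, NONE = "f", "m", "n"
COMPLETES_NEEDED = 1   # assumed: GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # assumed: GnuPG default for --marginals-needed

def valid_keys(me, signatures, ownertrust, max_depth=5):
    """Return the keys considered valid from the point of view of `me`.

    signatures: signer -> set of keys that signer has certified
    ownertrust: key -> how far I trust its owner to verify others (f/m/n)
    """
    trust = dict(ownertrust)
    trust[me] = FULL                      # my own key anchors the calculation
    valid = {me}
    for _ in range(max_depth):
        full, marginal = {}, {}
        for signer in valid:              # only signatures from valid keys count
            level = trust.get(signer, NONE)
            for target in signatures.get(signer, ()):
                if level == FULL:
                    full[target] = full.get(target, 0) + 1
                elif level == MARGINAL:
                    marginal[target] = marginal.get(target, 0) + 1
        newly = {k for k in full.keys() | marginal.keys()
                 if full.get(k, 0) >= COMPLETES_NEEDED
                 or marginal.get(k, 0) >= MARGINALS_NEEDED} - valid
        if not newly:
            break
        valid |= newly
    return valid

# Constructed scenario: I checked the robot's and Alice's keys in person.
# The robot certified two keys for the same address after an e-mail round trip;
# one of them was created by whoever handles that mailbox.
SIGNATURES = {
    "me": {"robot", "alice"},
    "robot": {"granny-real", "granny-created-by-reseller"},
    "alice": {"michi"},
}

def scenario(robot_trust):
    return valid_keys("me", SIGNATURES, {"alice": FULL, "robot": robot_trust})

if __name__ == "__main__":
    for level in (NONE, FULL):
        print("robot ownertrust", level, "->", sorted(scenario(level)))
```

With the robot's owner trust left at `n`, its signatures contribute nothing and only the in-person path through Alice validates a further key; at `f`, both keys for the mailbox become valid and the model cannot tell them apart.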