Semi-automated trust, policy (was: Robot CA...)

Michael Nahrath gnupg-users@nahrath.de
Fri Dec 6 22:48:02 2002


Kyle Hasselbacher <kyle-list-gpguser@toehold.com> wrote on 2002-12-06
at 20:39:

> Back to the robot, if people have keys signed by it, then there's a mapping
> between a key and an email address.  Then the email address can be an
> easier "fingerprint" for a user.

If you promoted it like this, I'd see your service as a danger for
security.

Being only a small reseller for webspace myself I can easily figure out ways
to be the 'man in the middle' against my users.
 
I create a key for their addresses, I have it signed by the robot. They will
never know that there exists a key in their name (if they aren't interested
in cryptography on their own).
I get all their mail first, decrypt it, read it, maybe change it and then
pass it over to them - unencrypted as they expect e-mail.

Feeling safe because everything is encrypted the other side will tell
details it would not in unencrypted mail.

> Granny can tell me her email address in
> person, but she can't remember (or even figure out) her fingerprint.

So she should rather have it printed on the back of her business card.

> If I
> look up keys with that email address and find one that's robot-verified, I
> may feel confident enough to sign it myself based on that.

If you do silly things like this, the whole system of signing in person gets
worthless.

NEVER SIGN A KEY BASED UPON OTHER PEOPLE'S SIGNINGS !

Even if my key had a signature from each regular of this list you should not
sign my key if you have not personally checked that I am I.
 
You _may_ set the value of 'trust' to 'f' for their keys in your personal
installation and if you have a strong trust path to one of them you will
have it to me as well by doing this.

I just typed "gpg --edit-key 2A94C484   trust   2   q".

| Please decide how far you trust this user to correctly
| verify other users' keys (by looking at passports,
| checking fingerprints from different sources...)?
| 
| 1 = I don't know
| 2 = I do NOT trust

Just in case you really mean what you wrote.

> A business that
> has checked my ID and asked me my email address could do the same thing.

Never!

Greeting, Michi
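
The difference the message draws between signing a key and setting local owner trust, as an added example that is not part of the original post: a simplified Python model of GnuPG's classic trust model (one fully trusted or three marginally trusted signers make a key valid). The keyring, the key names and the `valid_keys` helper are constructed for illustration; real GnuPG tracks more states than this.

```python
# Added illustration: simplified model of GnuPG's classic trust model.
FULL, MARGINAL = "f", "m"
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default for --max-cert-depth

def valid_keys(me, sigs, ownertrust):
    """Return the keys the local keyring treats as valid.

    sigs maps a key to the set of keys that signed it; ownertrust maps a
    key to FULL or MARGINAL and is a local setting, not a signature.
    """
    trust = {**ownertrust, me: FULL}   # own key: ultimate, counted as full
    valid = {me}
    for _ in range(MAX_CERT_DEPTH):
        newly = set()
        for key, signers in sigs.items():
            if key in valid:
                continue
            usable = signers & valid   # only signatures from valid keys count
            full = sum(trust.get(s) == FULL for s in usable)
            marginal = sum(trust.get(s) == MARGINAL for s in usable)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed keyring: "me" checked and signed "regular" and "robot" only.
SIGS = {
    "regular": {"me"},            # list regular, verified in person
    "robot": {"me"},              # robot CA key, fingerprint checked
    "michi": {"regular"},         # signed by the regular, not by me
    "granny@example": {"robot"},  # robot only confirmed control of the mailbox
}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGS, {})))
    print(sorted(valid_keys("me", SIGS, {"regular": FULL})))
    print(sorted(valid_keys("me", SIGS, {"robot": FULL})))
```

In the second call "michi" becomes valid locally without "me" issuing any signature; in the third, full owner trust in the robot makes a key valid whose only check was control of the mailbox, which is the case the message warns about.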