Robot CA at toehold.com

David Shaw dshaw@jabberwocky.com
Sun Dec 8 19:28:13 2002


On Sun, Dec 08, 2002 at 04:07:09PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Sun, 2002-12-08 at 13:22, David Shaw wrote:
> 
> > Which raises an interesting question.  Should people (real people, not
> > other robots) sign the robot's key?  I strongly feel the best answer
> > here is "no".  There is no need to - the robot is a CA and has that
> > authority with or without such signatures.  Signing a robot key also
> > encourages people who don't need to use this system to use it anyway
> > because it hooks them into the web of trust via a weakly-checked back
> > door.
> 
> Hmmm. Collecting signatures on a key is collecting trust. Personally, I
> do sign keys of CAs I trust (with a policy URL with a statement how much
> I trust them). So, if I'd trust a robotCA and I encounter people with
> robot-CA-signed keys (where I can't establish trust through better
> ways), I will trust the robotCA's key.

By signing the CA key, you are asserting that you believe for whatever
reason that the key in question really belongs to the CA.  Trust is a
different issue.  It is possible to trust a CA without making the
public assertion about the CA key identity.

How do you assert the identity of something (nearly) unverifiable?  In
the Robot CA case, Kyle can, certainly, but how does someone else?

It's an interesting case of the "nonhuman key" problem.  For example,
the key that signs many software distributions is created just for the
purpose of signing software.  This case is even more interesting since
the CA may sign other keys and influence the web of trust.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
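
Added example (not part of the original message, and not GnuPG code): a simplified Python model of the distinction drawn in the reply above between certifying that a key belongs to the CA and trusting the CA as an introducer. The key names and the helpers `Cert`, `valid_keys` and `scenario` are assumptions made for illustration; marginal trust, depth limits and expiry are ignored.

```python
# Simplified model of classic PGP key validity (assumption: one signature
# from a valid key that the viewer fully trusts as an introducer is enough).
from typing import NamedTuple

class Cert(NamedTuple):
    signer: str
    subject: str
    exportable: bool = True   # False models a local, non-exportable signature

def valid_keys(viewer, certs, ownertrust):
    """Return the keys whose identity `viewer` accepts.

    certs      -- every certification that exists
    ownertrust -- viewer's private set of keys trusted as introducers
    """
    # A viewer sees published signatures plus their own local ones.
    visible = [c for c in certs if c.exportable or c.signer == viewer]
    valid = {viewer}
    changed = True
    while changed:                        # iterate to a fixed point
        changed = False
        for c in visible:
            introducer_ok = c.signer == viewer or c.signer in ownertrust
            if c.signer in valid and introducer_ok and c.subject not in valid:
                valid.add(c.subject)
                changed = True
    return valid

# Constructed keyring: bob has certified "me"; the robot CA has certified alice.
PUBLISHED = [Cert("bob", "me"), Cert("robot", "alice")]

def scenario(me_signs_robot_publicly, bob_trusts_robot):
    """Return (keys valid for me, keys valid for bob)."""
    certs = PUBLISHED + [Cert("me", "robot", exportable=me_signs_robot_publicly)]
    # I always trust the robot as an introducer; that setting never leaves my machine.
    mine = valid_keys("me", certs, ownertrust={"robot"})
    bob_trust = {"me"} | ({"robot"} if bob_trusts_robot else set())
    bobs = valid_keys("bob", certs, ownertrust=bob_trust)
    return mine, bobs

if __name__ == "__main__":
    for public in (False, True):
        for trusts in (False, True):
            print(public, trusts, [sorted(s) for s in scenario(public, trusts)])
```

With a local signature, the robot-signed key is valid only for me. A public signature makes the robot's key valid for anyone who trusts me as an introducer, and the robot-signed key then becomes valid for them as soon as they, too, trust the robot.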