Robot CA at toehold.com

Ingo Klöcker ingo.kloecker@epost.de
Sun Dec 8 19:32:02 2002


On Sunday 08 December 2002 13:22, David Shaw wrote:
> Which raises an interesting question.  Should people (real people,
> not other robots) sign the robot's key?  I strongly feel the best
> answer here is "no".  There is no need to - the robot is a CA and has
> that authority with or without such signatures.  Signing a robot key
> also encourages people who don't need to use this system to use it
> anyway because it hooks them into the web of trust via a
> weakly-checked back door.
>
> If a robot CA must be done, and I do see some limited benefits to it,
> it must not become a free pass into the web of trust strong set. 
> That hurts all of the users of OpenPGP.

The problem is that it's impossible to prevent this from happening since 
a single signature from a member of the strong set on the robot's key 
will suffice. And you can be sure that there will be people signing 
this key. The only two possibilities (I can think of at the moment) to 
prevent this would be to
a) make the robot's key non-exportable, i.e. make it impossible that it 
ever shows up on any keyserver. Then people could sign the robot's key 
to show GnuPG that they trust this key.
b) make it non-signable with exportable signatures. Then people could 
still sign it locally.

AFAIK both attributes (non-exportable and non-signable with exportable 
signature) don't exist in the OpenPGP specs.

Regards,
Ingo


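The point debated in this message, as an added example that is not part of the original e-mail: a toy certification graph showing how one exportable signature on the robot's key gives every strong-set member a signature path to all robot-certified keys, while a local-only signature stays confined to the signer's keyring. All key names and the per-signature `exportable` flag are assumptions made for illustration, and path reachability is a simplification of how GnuPG actually computes key validity.

```python
from collections import deque

# Constructed certification graph; every key name is hypothetical.
# Each entry: (signer, signee, exportable)
BASE_SIGS = [
    ("alice", "bob", True), ("bob", "carol", True), ("carol", "alice", True),
    ("robot", "newuser1", True),  # robot CA certifications
    ("robot", "newuser2", True),
]

def keyserver_view(sigs):
    """Signatures visible to everyone: only exportable ones are published."""
    return [(s, t) for s, t, exportable in sigs if exportable]

def local_view(sigs, owner):
    """Signatures in owner's keyring: published ones plus owner's local ones."""
    return [(s, t) for s, t, exportable in sigs if exportable or s == owner]

def reachable(edges, start):
    """Keys reachable from start by following signer -> signee edges."""
    graph = {}
    for signer, signee in edges:
        graph.setdefault(signer, set()).add(signee)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def scenario(bob_signs_robot_exportable):
    """Return (keys alice has a path to, keys bob has a path to locally)."""
    sigs = BASE_SIGS + [("bob", "robot", bob_signs_robot_exportable)]
    return (reachable(keyserver_view(sigs), "alice"),
            reachable(local_view(sigs, "bob"), "bob"))

if __name__ == "__main__":
    for exportable in (True, False):
        public, local = scenario(exportable)
        print(f"exportable={exportable}: alice->{sorted(public)} bob->{sorted(local)}")
```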