Robot CA at

Ingo Klöcker
Sun Dec 8 19:32:02 2002

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
Content-Description: signed data
Content-Disposition: inline

On Sunday 08 December 2002 13:22, David Shaw wrote:
> Which raises an interesting question.  Should people (real people,
> not other robots) sign the robot's key.  I strongly feel the best
> answer here is "no".  There is no need to - the robot is a CA and has
> that authority with or without such signatures.  Signing a robot key
> also encourages people who don't need to use this system to use it
> anyway because it hooks them into the web of trust via a
> weakly-checked back door.
> If a robot CA must be done, and I do see some limited benefits to it,
> it must not become a free pass into the web of trust strong set. 
> That hurts all of the users of OpenPGP.

The problem is that it's impossible to prevent this from happening since 
a single signature from a member of the strong set on the robot's key 
will suffice. And you can be sure that there will be people signing 
this key. The only two possibilities (I can think of at the moment) to 
prevent this would be to
a) make the robot's key non-exportable, i. e. make it impossible that it 
ever shows up on any keyserver. Then people could sign the robot's key 
to show GnuPG that they trust this key.
b) make it non-signable with exportable signatures. Then people could 
still sign it locally.

AFAIK both attributes (non-exportable and non-signable with exportable 
signature) don't exist in the OpenPGP specs.


Content-Type: application/pgp-signature
Content-Description: signature

Version: GnuPG v1.2.1 (GNU/Linux)