Robot CA at

David Shaw
Sun Dec 8 20:41:02 2002

On Sun, Dec 08, 2002 at 04:37:15PM +0100, Ingo Kl=F6cker wrote:
Content-Description: signed data
> On Sunday 08 December 2002 13:22, David Shaw wrote:
> > Which raises an interesting question.  Should people (real people,
> > not other robots) sign the robot's key.  I strongly feel the best
> > answer here is "no".  There is no need to - the robot is a CA and has
> > that authority with or without such signatures.  Signing a robot key
> > also encourages people who don't need to use this system to use it
> > anyway because it hooks them into the web of trust via a
> > weakly-checked back door.
> >
> > If a robot CA must be done, and I do see some limited benefits to it,
> > it must not become a free pass into the web of trust strong set.=20
> > That hurts all of the users of OpenPGP.
> The problem is that it's impossible to prevent this from happening sinc=
> a single signature from a member of the strong set on the robot's key=20
> will suffice. And you can be sure that there will be people signing=20
> this key. The only two possibilities (I can think of at the moment) to=20
> prevent this would be to
> a) make the robot's key non-exportable, i. e. make it impossible that i=
> ever shows up on any keyserver. Then people could sign the robot's key=20
> to show GnuPG that they trust this key.
> b) make it non-signable with exportable signatures. Then people could=20
> still sign it locally.
> AFAIK both attributes (non-exportable and non-signable with exportable=20
> signature) don't exist in the OpenPGP specs.

They don't exist.  You are also correct that there is no way to
prevent this from happening.  The best we can hope for is for people
to not sign such keys, or perhaps for the documentation for a robot to
indicate the problem and ask people not to sign the key.

If someone was against such signatures enough, they could even use
this as a test to see if they trust people to make good signatures.
Someone's signature on a robot key would be a hint they don't check
well.  This isn't completely fair, of course, since someone could make
a persona signature which is supposed to be for this sort of
situation.  Unfortunately, no implementation yet allows people to
ignore persona signatures.  It's unlikely that PGP will ever add such
a feature, so we can easily end up with two different views of the web
of trust.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson