Robot CA at toehold.com

David Shaw dshaw@jabberwocky.com
Sun Dec 8 23:45:01 2002


On Sun, Dec 08, 2002 at 03:51:28PM -0600, Kyle Hasselbacher wrote:

> On Sun, Dec 08, 2002 at 09:39:36PM +0100, Michael Nahrath wrote:
> >Kyle Hasselbacher <kyle-list-gpguser@toehold.com> wrote on 2002-12-08
> >at 20:24:
> 
> >> I think including more people in the web of trust is a good thing.  Part of
> >> my motivation for creating this is that I saw so many keys which I thought
> >> were good but which had no solid trustworthy connection to anything.  The
> >> reason they had no connection is that making the connection is hard.
> >
> >It is hard because those connections _have_ to be strong. Rather have a lot
> >of people unconnected (which simply expresses the truth) than lowering the
> >meaning of signatures.
> 
> I think the only keys that should not be in the web of trust are the ones
> that are totally bogus, through and through.  Being able to express weak
> connections expresses the truth--that I have a little trust, but not
> absolute trust, that I know something, but not everything.  If Alice gets
> in, but I can see that no one is REALLY sure about it, that still tells me
> more than if she doesn't get in at all.
> 
> >Weak connections are SPAM to the web of trust.
> 
> I think they're details.  They express a truth that was not expressible
> before.  It's not noise; it's just not as good as other signals.

Keep in mind that no OpenPGP programs except very recent versions of
GnuPG can even express weak signatures - and even GnuPG treats them as
cosmetic and does not interpret them differently.  Think about that
for a second: no PGP user can even see what you are doing.

> >> I WANT to lower the barrier of entry.
> >
> >... accepting that you might ruin it that way?
> >
> >(Mainly a question. I haven't come to a conclusion yet.)
> 
> Clearly, I don't believe it will be ruined that way.  8-)  Of course, I
> don't want to make the WoT worthless.  I think getting more people in it
> makes it more valuable.

No.  Getting more people in it in a strong manner makes it more
valuable.  Adding weak signatures to it hurts it for everyone.  You
don't need to add weak signatures to the web of trust for your robot
to work.

Your robot should not be part of the web of trust at all.  It is a
(weak) CA.  A CA is a different trust model than the web of trust.  By
mixing the two, you hurt the web of trust without helping the CA model
at all.

> >Even if GPG, PGP and HKP were updated immediately with such a feature
> >it would take years until most people had the ability to recognize the
> >weakness of a robot signature.
> >People simply don't update their software as fast as you may wish.
> 
> That's fine.  There may be a little chaos in the meantime.  The existence
> of persona signatures (and people who make them) is an incentive for people
> to upgrade.  I'd say since GnuPG already supports making persona
> signatures, distinguishing them from harder signatures is a feature that
> needs to come next anyway.

"a little chaos in the meantime?"  Wow, that's just what's needed to
get more people to adopt crypto.  You know, for something that is
intended to make things simpler for Granny, we're now redesigning
trust models, modifying the keyanalyze reports, toying with massive
new infrastructure... maybe I missed it - when did things get simpler?

The goals and requirements for this thing should be just a little more
understood before we start redesigning a system that has worked quite
well for over 10 years and millions of messages.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson