Robot CA at

Kyle Hasselbacher
Mon Dec 9 04:51:02 2002

Hash: SHA1

I've seen lots of talk about whether my Robot CA should be part of the web
of trust, and about weak signatures in the web of trust.  I'm writing one
post rather than follow up to everything.

David Shaw is correct in pointing out that getting the Robot CA in the WoT
does not improve its functionality.  The problem I see is how someone would
verify the integrity of the robot's key.  They could verify it with me the
same way they'd verify my key.  Given a verified key, it could be put on
read-only media distributed with the user's mail client or other
out-of-band means.  It seems far easier just to use the WoT (I sign the
robot, and they verify my key the usual way).

Concerns about polluting the WoT aside, it seems proper for me to sign my
robot's key and vice versa.  Assuming I am who I say I am (I feel
comfortable making that assumption), I could get into the WoT legitimately
myself.  At that point, the robot is in too, and everyone it signed.

I agree with Richard Laager when he says that the "over trust" of 0x11
signatures is an issue with the user agent.  The fact that it's an issue
with ALL of them doesn't make this less true.  When everyone on the road is
speeding, it doesn't mean they're not breaking the law.

Ultimately there's the same solution that was there three days ago when I
first posted about this: just don't trust the robot's signatures.  That
seems like a good interim solution until the user agent can figure out what
to do with weak signatures.  Since all the robot's signatures are weak by
definition, GnuPG's blindness to them isn't important.

The way GnuPG deals with weak signatures is a bigger problem for a real
person who chooses to use them along side strong signatures.  People
assigning trust to Jason Harris have a choice: (1) distrust some strong
signatures, or (2) trust some weak signatures.  I think that's the real
motivation to make GnuPG use them better.

As for "chaos in the meantime", that was a dumb remark.  I think that GnuPG
should deal with weak signatures for reasons above.  I'd like it all to
work as smoothly as possible, but I don't believe in giving up the feature
because other implementations don't have it.
- -- 
Kyle Hasselbacher
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see