Robot CA at toehold.com

Per Tunedal pt@radvis.nu
Mon Dec 9 10:43:06 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 09:36 2002-12-09 +0100, you wrote:

 >David Shaw wrote:
 > [ 0x11 persona sigs ]
 >
 >> Don't forget PGP.  You're making signatures that act incorrectly for
 >> exactly 100% of the user base of OpenPGP.  Are you sure you want to do
 >> that?
 >
 >Nice as it is, I think the web of trust idea is much overrated. It works
 >for verifying signatures in everyday use, like on mailing lists. But
 >when real secrecy is in question, in most cases
 > - people either have met in persona and therefore could exchange keys
 >directly.
 > - or people are within a relatively closed group (say, Debian
 >developers who have to mail around account data), so manual verifying of
 >a trust path is easy enough.
 >
 >I doubt the global web of trust is used much for more than a casual
 >verification. So, for me, e-mail robotCA has its justification as well
 >as 0x11 signatures (which hopefully people *do* notice as soon as they
 >become careful about trust), and I wouldn't call this 'polluting' the
 >web of trust.
 >
 >cheers
 >-- vbi

I agree that in cases where real secrecy is needed other means of key 
verification than the Web of Trust have to be used.

I agree that the robotCA is useful. Verifying e-mail addresses, i.e. 
establishing the connection key - e-mail address, is important for casual 
encryption, as someone else has stated as well.

In fact I was a little confused about the signing levels at first, because 
I wanted to make exportable signatures on keys when I had verified only the 
e-mail address, but didn't find any appropriate signing level. Thus I only 
put exportable signatures on keys when I have checked the identity of the 
keyholder - and that's not very frequent.

I think it's fine if the robot uses level 1 (casual check) signatures, but 
in the future I would like to introduce a new level: "I have checked the 
e-mail address only". I would find it very helpful. And I would sign a lot 
of keys and help some other people that might not use the robot.

I still think it would be more natural for most people to verify the 
connection between the e-mail address and the person. (And it's easier to 
check an e-mail address by phone than reading fingerprints!) Thus a 
verification of the connection between the e-mail address and the key would 
be helpful.

But as someone else has stated: In many cases it is sufficient just to 
establish the connection between the e-mail address and the key. It doesn't 
really matter who the person behind the address is. That makes it even more 
helpful with verification of e-mail addresses.

As to PGP and old software, I have noticed that e.g. PGP 6.5.8 doesn't 
notice expired signatures! It put me off from starting a CA service last 
year, because I didn't want the CA signatures to have an eternal life. But 
now that Kyle Hasselbacher has started his robot I might think it over 
again. Or rather I will encourage people to use his robot. Important 
features must be introduced and used. They might even encourage people to 
upgrade!

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.906c

iD8DBQE99GXvV+WjFXkFqqkRArBoAKDq5iu3NFsjjeUnbjcMmZ8dyUysHgCgwtR5
73zm3VYGigEy4GVo/6zVRCA=
=W23n
-----END PGP SIGNATURE-----