Robot CA at

Kyle Hasselbacher
Tue Dec 10 08:31:02 2002

Hash: SHA1

On Mon, Dec 09, 2002 at 09:36:42PM -0500, David Shaw wrote:
>On Sun, Dec 08, 2002 at 09:52:01PM -0600, Kyle Hasselbacher wrote:
>> David Shaw is correct in pointing out that getting the Robot CA in the WoT
>> does not improve its functionality.  The problem I see is how someone would
>> verify the integrity of the robot's key.  They could verify it with me the
>> same way they'd verify my key.  Given a verified key, it could be put on
>> read-only media distributed with the user's mail client or other
>> out-of-band means.  It seems far easier just to use the WoT (I sign the
>> robot, and they verify my key the usual way).
>Using the web of trust is actually a pretty ineffective way to verify
>the robot key.  Remember that (by default) the web of trust is 4
>levels deep.  That means they'd have to trust you, trust someone who
>trusts you, or trust someone who trusts that person.  Anything further
>than this and the robot key is useless.
>Having people trust the robot key explicitly means a:
> trusted-key (robot key)
>in their config file.  Very explicit, very much opt-in, and no
>question about accidentally trusting something that was not intended.
>Since this system was promoted as part of a special setup for Granny,
>that special setup can trivially include this configuration.  It
>doesn't help Granny to involve the web of trust at all.

This is all true, but I was thinking not of Granny verifying the Robot CA
but rather Granny's software's programmer.  Granny will have a trusted-key
line in a config somewhere, sure enough, but it'll be her software that
puts it there, not her.  Since she won't be verifying any keys by hand, she
has no way into the web of trust.  It doesn't help her to have that web

It DOES help Alice the Programmer when she writes Granny's software.
Alice, being a crypto enthusiast, DOES have a way into the web of trust.
She might even be close enough to me in the web (or more accurately,
someone who signs me) that she feels comfortable trusting my signature on
the robot's key.  If she's not that close, she knows how to verify a key on
her own, and add her signature, which might help the next Bob the
Programmer do the same thing.

>> I agree with Richard Laager when he says that the "over trust" of 0x11
>> signatures is an issue with the user agent.  The fact that it's an issue
>> with ALL of them doesn't make this less true.  When everyone on the road is
>> speeding, it doesn't mean they're not breaking the law.
>But it does mean that people who are driving along with them should be
>careful ;)

- -- 
Kyle Hasselbacher | Moral indignation is jealousy with a halo.  |                              -- H. G. Wells
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see