Robot CA at toehold.com

[David Shaw]

On Wed, Dec 11, 2002 at 02:24:09PM +0100, Janusz A. Urbanowiz wrote:
> On Wed, Dec 11, 2002 at 07:54:54AM -0500, David Shaw wrote:
> > On Sun, Dec 08, 2002 at 06:40:44PM +0100, Janusz A. Urbanowiz wrote:
> > > On Tue, Dec 10, 2002 at 03:07:40PM -0000, greg@turnstep.com wrote:
> > > > 
> > > > I would really like to see all robots and automated scripts kept out 
> > > > of the WoT and continue to assume (hope?) that all signatures inside of the 
> > > > web were performed correctly by actual people. Barring that, I'd like to 
> > > > have an option to the various WoT trace programs that allow certain keys 
> > > > to be excluded. This sounds easier than trying to account for 
> > > > signature levels, which are not reliable anyway, as many have pointed 
> > > > out.
> > > 
> > > In GPG you can set the key owner to 'I do not trust signatures by this key'.
> > > I don't know if it works as expected (i.e. negative weight on signature).
> > 
> > Not negative, just zero.  It can't be negative, or signatures by this
> > key will cause otherwise trusted keys (from good paths) to be
> > untrusted.  Better to make the untrusted key have no effect at all.
> > 
> > "Don't know", "Don't trust", and unset are all treated as zero trust.
> 
> I was thinking of situation when the key is identified to deliberately make
> false signatures (on keys with bogus IDs).

Even then, zero is better than negative.  Otherwise there is an attack
where Mallory makes a key, and starts making bad signatures on bogus
IDs.  Once everyone marks the key with negative trust, Mallory signs
some genuine keys with this "poisoned" key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson