Robots in the WoT (clean version)
Wed Jun 25 23:28:01 2003

Hash: SHA1

My problems with a robot are the following:
(please forgive the mixing of quoted replies)

I cannot trace a path from one person to another. For example, 
I could email or call every person in the path and verify that they 
actually signed the next person's key, if I so desired. When I get 
to the robot, the actual dynamics of what has happened changes 
drastically. Rather than a person making a face-to-face (hopefully) 
contact and manually signing a key, a computer program automatically 
creates the signature. How can I verify that it acted correctly?

Another problem is that the robot quickly becomes a "short cut" 
path through the WoT. Was there another way to reach this user 
through the WoT? I don't know, but I would like to. While the 
robot provides a semi-useful piece of information (the email maps 
back to the key), I would much rather see another person-to-person 
map from one key to another.

A final problem is that I have no way of knowing what the criteria 
is for the robot. How secure is it? What if somebody breaks into the 
server and bypasses the check before having the key signed? How would 
anyone know? If someone were to steal my key and somehow signed another 
key, I could definitely recognize and dispute the signing if it were 
brought to my attention. Even the author of the robot cannot guarantee 
that every signature corresponds to a valid email.

> While I like the idea of the global WoT and I like the keyanalize ranking, it 
> is really just a game and doesn't have anything to do with trust management. 
> Actual use of gpg for private communication requires a personal decision whom 
> to trust - so, if you want to remove the robotCA key from your personal WoT, 
> there's nobody telling you not to.

I do not have the entire strong set in my personal keyring :), so I like to 
use tools like these to see if there is an existing path from one 
key to another. I would like the option to exclude robots from the online 
version of the trace program. Even better would be a showing of the trust 
level of each signature. Sure, they mean different things to different 
people, but it's a start. :)

> NB:  biglumber users know that sloppy "at" maps to
> 0x01A50ED0314A30F8B8995854C8877F5A42473204 as long as we can trust Greg,
> Greg's code, and that has never been compromised.

Biglumber has never tried to be an authority on anything, please do not 
mistake it as so. :) It merely facilitates keysignings, but in no way 
guarantees the validity of the keys. Keys cannot be added to Biglumber until 
the email is confirmed, but as a non-intelligent, automated system, this 
information should be used as a supplement to more formal checks.

> In fact, I prefer keys that are listed on biglumber, signed by Robot CA,
> and have signatures based on in-person meetings.

I don't mind seeing keys signed by the robot(s), I just don't like them 
showing up in WoT tracings.

- --
Greg Sabino Mullane
PGP Key: 0x14964AC8 200306251718