signing a robot's key - was: Re: Global Directory signatures

Kyle Hasselbacher kyle at
Thu Dec 30 22:35:05 CET 2004

Hash: SHA1

David Shaw wrote:

| Still, how would you go about checking the identity of a key that
| identifies itself only as "PGP Global Directory Verification Key" ?  I
| can certainly understand that you signed the Robot CA key, but signing
| the GD key seems to be a leap of faith rather than actual hard
| knowledge.

Yes, it would be.  All I could do is verify that it APPEARS to work as
advertised.  Its functionality IS its identity, in my opinion, but I can see
there are dueling interpretations here:

* I made it and called it "Robot CA".  Therefore, it is "Robot CA".  Only I,
its mighty creator, can verify its identity.  The rest of you have to take my
word for it.

* It is called "Robot CA" and it performs within the definition of "Robot CA"
that I agree with.  Anyone satisfied with the performance can verify its
identity.  Satisfaction comes through software testing instead of "testing"
an official document of some kind.

I take the latter interpretation.  It's fuzzier, but I think it conforms
better to how I already think of signatures.  As such, even my own signature
on my own Robot CA is a matter of some faith (that it's bug-free, nyuck nyuck
nyuck).  I can't test the GD as a user the same way I tested RCA as an
operator, so there would be more faith involved in that signature, if I ever
made one.  I consider that similar to the extra faith involved in signing a
key named "Fred" when the state-issued ID says "Frederick".


Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird -


More information about the Gnupg-users mailing list