signing a robot's key - was: Re: Global Directory signatures

David Shaw dshaw at
Sat Jan 1 15:52:03 CET 2005

On Sat, Jan 01, 2005 at 01:03:59PM +0100, Jeff Fisher wrote:

> However, for key CA57AD7C, the only bit of information on the key
> is: "PGP Global Directory Verification Key."  To verify this, you
> only need to confirm that it is fulfilling this role.  Indeed, there
> is no way that meeting someone in meatspace can confirm this,
> without that person abusing the intended role for this key, thus
> eroding trust in it.  In the above case, if the key had said only
> "GnuPG release signing key", and had a history of signing the gnupg
> releases, that would be the only verification needed to identify the
> key as what it purports to be.  Verifying that person X has control
> of this key is superfluous to verifying its role.

This is a general problem with signing any key that does not have a
direct mapping to a human being.  I did not give a good example of the
problem by citing keys that do have direct mappings to human beings.
So let me use your example of the GD key:

For me, refusing to believe it is the "real" GD key is fairly silly,
of course, not least because its action is very obvious.  We can all
see the signatures it issues.  It's available on a few web sites.
Heck, it even *comes with GnuPG* as one of the sample keys.

However, personally believing this key is the right one, and being
willing to testify to others that this key is the right one is not the
same thing.  It's a fine point.  I do not wish to give the impression
that I am right and others wrong in drawing this point here.  The
existence of the "ownertrust" concept in the web of trust speaks to
the varying opinions about when to sign.

For me, signing the GD key without some higher level of proof (and it
is not clear what that could be for a key that does not identify a
human being), would be akin to signing a key because someone else I
knew signed it.


More information about the Gnupg-users mailing list