signing a robot's key - was: Re: Global Directory signatures

Neil Williams linux at
Sat Jan 1 21:33:56 CET 2005

On Saturday 01 January 2005 6:00 pm, Jeff Fisher wrote:
> For me, in this case, the key and the role are the same thing.

That's the problem, right there. A signature is not for YOUR benefit! You need 
to take on board how signatures are used by others. To others, the key and 
the role, the key and the person, are completely separate.

> The key 
> only exists for the role, and the role can only be effectively done by
> using a key. If you trust the key to do the role, then I see a very small
> difference between trusting it personally and telling your neighbor that you
> do so.

There's a massive difference between trusting someone individually and 
declaring to the world that you have proof of that trust.

Besides, it's not just your neighbour, it's me.

> My opinions on key trust:
> If it is just used for e-mail, then I only care that the key matches the
> e-mail address.

You've lost the plot again!! :-)

A signature is not for your benefit - it's done for the benefit of others so 
you have to disregard any notion of how YOU expect the signature to be used!

The capacity is NOT in the system to say that your signatures should always be 
untrusted - basically because the system is of the opinion that untrustworthy 
signatures shouldn't be made in the first place!

> The only keys trusted as introducers on my keyring are the 
> ones that verify this.  Had I met the person at a conference or at a
> training course, I would demand no more than that -- they are in the same
> class or conference because they are physically present.  Beyond that, they
> can call themselves almost any name they want, as I am not trusting them
> with anything that depends on their name.

?? OK, if you haven't verified photo ID and their fingerprint, I think I 
understand that, and agree.

> However, if it is used for business / transactions, then I will not trust
> anything but personally verifying the identity of the key, or a trusted
> third party doing the same (but not through key signing).  For the ssl

Leave x.509 out of this - it doesn't apply to the issues.

The confusion is about keysigning of individual keys that are used by 
machines. Never sign them!

> example in another e-mail, this is getting the URL for the bank from their
> literature, or a similar method.  If they used pgp, I would get the
> fingerprint from their brochure.

??? I hope you are not saying you'd make an exportable signature on their key 
on just that basis???

If you have to trust that key and REALLY feel you *can*, make a LOCAL 
signature and it won't be exported.

Local signatures can be for your benefit. Normal (exportable) signatures are 
for the benefit of the rest of us.

> While gpg is a great tool for encrypting and verifying e-mail, I don't put
> any more trust in the WoT than I would had I met the same people on the
> street.

Fine - that's how we all deal with it. I trust only those I've signed and some 
of the ones that those people have signed, depending on an assessment of how 
careful the person is at verifying keys and people.

> If I don't know someone personally, I wouldn't trust them to vouch 
> for another person.

Absolutely correct.

I trust Philip Hands because I've met him, verified his photo ID and his email 
and his fingerprint. He's done the same with me and my keys. Philip has 
signed other people (lots and lots) but a lot of those I never need to 
contact. If I do, then Philip's signature on their key does mean that I can 
trust their key for email encryption. (I don't send really sensitive stuff).

I would never trust someone else who was signed by someone signed by Philip. 
i.e. this is a one-level thing: I trust Philip, I trust those he's signed but 
I can't trust *those* people to verify keys when they sign.

The WoT is not about trusting the entire strong set. Out of 24,000 keys in the 
strong set, I trust maybe <100. I've met 22.

> For the record, the only keys I have non-locally signed are keys of close
> friends.

I only have keys at full trust if I've met them and signed their key, plus one 
or two who have been signed by those that I already trust. All the keys from 
this list that get pulled in on --auto-retrieve get cleared out each month 
with a nice little cron task.

> For the rest, I have only signed them locally to get rid of the 
> 'untrusted signature' message (they've sent 20 messages that verified good,
> they must be doing something right)

Hmm, that's not my take on it, but hey, those are local signatures so I really 
don't care what you do with those.

> , or in the case of Robot CAs, to mark 
> them as trusted introducers.  My setup probably needs some tuning to verify
> this is working correctly, but as stated above, I won't trust anything
> sensitive to pgp unless I really trust the person, and have personally
> verified the key.

Fine - so why are we discussing this at all??

You use local signatures for times when you want to trust someone that gpg 
cannot trust directly, you only trust other keys when you know the person, 
where is the problem?

Just keep to local signatures and don't send unverified signatures to 


> I would have no problem publicly signing a Robot CA key,

Ah, now that's where we differ. Please, consider only using a local signature 
if you really must sign any robot key or the PGP GD key.

You cannot prove to me that you verified the PGP GD key so your signature on 
that key would automatically be untrustworthy.

Only those who work with the people who have access to the secret key for that 
key should sign it. Anyone else is free to sign it locally. That's my view.

> but because I 
> wouldn't trust an unknown third party (and thus assume others are similar),
> I haven't seen much utility in doing so. If I believed anybody out there
> had any trust in my key, then I would publicly sign them; of course after I
> had verified they were working as advertised by having a key signed by
> them.

I hope you'd do the full keysigning protocol of verifying the identity of the 
person too! If it's someone you don't already know, you really need to see 
photo ID, get a printed copy of their fingerprint face to face and verify 
their email address.

> For those who've gotten this far, how many would or would not trust the WoT
> (meaning beyond a friend/acquaintance, or beyond someone vouched for by a
> friend/acquaintance) for transactions involving money or sensitive
> information?  I'm curious if I'm just too cynical or paranoid.

Your paranoia is unlikely to be darker than mine.

The WoT is not a take-it-or-leave-it all or nothing construct. You retrieve 
those keys that you know belong to people you already trust. You set your 
personal trust level to tell GnuPG how much you trust that person to verify 
someone else's key and ALL other keys, if you don't know the person, tell 
GnuPG "don't know". There's an option in the trust that explicitly uses 
"don't know". It's not a cop-out, it is a vitally important setting.


Neil Williams
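The two mechanisms the reply leans on, a local (non-exportable) signature that stays in your own keyring versus an ordinary certification that goes out with the key, and an explicit "don't know" ownertrust for keys whose owners you have never met, can be checked directly against a throwaway keyring. The script below is an added example, not code from either poster or from the GnuPG project. It assumes GnuPG 2.1 or later (for --quick-gen-key, --quick-lsign-key and gpgconf) and skips cleanly if gpg is not installed; the key names, addresses and the "robot" and "friend" keys are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): in a temporary GNUPGHOME, lsign one
# constructed key and sign another, then show that only the exportable
# certification survives a plain --export. Also records ownertrust "2"
# (I don't know or won't say) for the robot key via --import-ownertrust.

# Generate a passphrase-less throwaway ed25519 key; print its fingerprint.
make_key() {
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$1" ed25519 sign never >/dev/null 2>&1 || return 1
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '/^fpr/ { print $10; exit }'
}

# Local (non-exportable) certification: signer fingerprint, target fingerprint.
lsign_key() {
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        -u "$1" --quick-lsign-key "$2" >/dev/null 2>&1
}

# Ordinary exportable certification (class 0x10, the --quick-sign-key default).
sign_key() {
    gpg --batch --yes --pinentry-mode loopback --passphrase '' \
        -u "$1" --quick-sign-key "$2" >/dev/null 2>&1
}

# Count class-0x10 certifications present in a plain --export of the key.
# Self-signatures on user IDs are class 0x13, so they are not counted.
count_exported_certs() {
    gpg --batch --export "$1" | gpg --batch --list-packets 2>/dev/null \
        | awk '/sigclass 0x10/ { n++ } END { print n + 0 }'
}

# Ownertrust in --export-ownertrust numbering: 2=undefined ("don't know"),
# 3=never, 4=marginal, 5=full, 6=ultimate.
set_ownertrust() {
    printf '%s:%s:\n' "$1" "$2" | gpg --batch --import-ownertrust >/dev/null 2>&1
}
get_ownertrust() {
    gpg --batch --export-ownertrust 2>/dev/null \
        | awk -F: -v f="$1" '$1 == f { print $2; exit }'
}

# Run the whole demonstration and print one summary line.
run_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME

    me=$(make_key "Me (constructed) <me@example.invalid>") || return 1
    robot=$(make_key "Robot CA (constructed) <robot@example.invalid>") || return 1
    friend=$(make_key "Friend (constructed) <friend@example.invalid>") || return 1

    lsign_key "$me" "$robot"    # trust the robot only for myself
    sign_key  "$me" "$friend"   # someone I actually verified in person

    local_n=$(count_exported_certs "$robot")
    export_n=$(count_exported_certs "$friend")

    set_ownertrust "$robot" 2   # "don't know": never an introducer
    set_ownertrust "$friend" 5  # full: may vouch for keys they sign
    ot=$(get_ownertrust "$robot")

    gpgconf --kill all >/dev/null 2>&1
    rm -rf "$GNUPGHOME"
    echo "local=$local_n exportable=$export_n robot_ownertrust=$ot"
}

run_demo
```

Expected summary is `local=0 exportable=1 robot_ownertrust=2`: the local signature on the robot key is visible with --list-sigs inside that keyring (marked "sig L") but is absent from the exported key unless you deliberately pass --export-options export-local-sigs, while the certification on the friend's key travels with it to anyone who imports it.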
