Delete key from keyserver

markus reichelt ml at bitfalle.org
Sat Oct 22 23:12:01 CEST 2005


* zvrba at globalnet.hr wrote:

> On Sat, Oct 22, 2005 at 07:31:54PM +0100, Neil Williams wrote:
> > 
> > That is exactly my point, NOBODY should rely on ANY of that information to 
> > identify a key. The only identifier for a key is the fingerprint. You MUST 
> > verify the fingerprint with the person and only then can you be sure that the 
> > key is for that person.
> >
> > The web of trust enables such verification - if you can't meet me in person, 
> > you can verify my key by having your key signed by someone who has met me 
> > (there are lots).
> > 
> > Until that happens, you have no way of trusting that this key belongs to the 
> > named person. None. The signature simply means that the message has not been 
> > tampered since being signed.
> > 
> 
> I have few objections to this.
> 
> 1. meeting in person is not scalable. having to meet in person (or even
>    hear each other over the phone) everyone that I want to communicate
>    with is a hassle.

of course it's not scalable. the web of trust exists for a reason :)

everything comes at a price. that's why there are key signing
parties, to meet and exchange signatures; that would not have
happened under normal circumstances. after having been on some key
signing parties, that all follow the same basic procedures (check key
ID & the identity of its owner), i can only recommend to attend one.


> 2. WoT is problematic in that it is very sparse. For example, try to
>    find a path from my key by which I've signed this mail to somebody
>    you trust. My problem is that I can't find another GPG user whom I can
>    meet in person and arrange key signing.

well, the WoT clearly indicates that one should not trust a key until
one can be reasonably sure by means that oneself deems fit. one just does
not have to find a complete link; to some extent, one just has to lay
emphasis on "trust". the level of signature, in my point of view,
emphasises this issue.

f.e. real life people use key signing robots. i don't, cos i only
sign keys of real people. i distinguish between having met in real
life, having verified one's identity in best possible terms
(resulting in level 3 sigs) and level 2 sigs that sufficiently match
my criteria for signing. 

http://bitfalle.org/keys/gpg-key-signing-policy.php

level 2 signatures don't require having met in person. there are
schemes to sufficiently prove the signee's identity.


> And the final 'objection' is more of a philosophical one: what is
> IDENTITY?  If I know a person only by email, then that email *is*
> the person to me. And I know many people just by email and we are
> probably never going to meet IRL, except for some strange
> coincidence.

well, to some extent one has to make a compromise. for that reason
key signing policies exist. check the web and create your own. i'm
sure there you can exchange key fingerprints over the telephone :)
and i encourage you to use that feature. 

keep in mind that it's totally up to yourself with which level of
signature you sign a key. however, i strongly suggest cross-signing.


> Imagine a situation like this: suppose that, hypothetically, I find
> two different keys on the key server named to "Neil Williams
> <linux at codehelp.co.uk>", each with some number of signatures (let's
> say almost equal). If none of these keys has a path of signatures
> that leads to some person that I personally trust to sign keys
> properly.. how am I to decide WHICH of these keys is the "real"
> one?

imagine you would find two telephone numbers listed in a directory
under the very same name. how are you to decide which one of these
numbers is the correct one? the number of ppl also listing one number
in a commercial directory, e.g. "having conducted successful
business with" is equal. again, what would you do?

you can't solely rely on email. period. one just has to resort to
some sort of instant communication. be it classical telephone,
instant messenger, whatever. even snail mail might do the trick for
you.... you choose. you sign. it's your call.


> And most of the time I'm not really that concerned about
> communicating with "the real" Neil Williams, but more with the fact
> that some set of mails came from the *same person* that happens to
> (rightfully, or not) claim that his name is Neil Williams.

geez...

well, let's ignore this one for the sake of key signatures, will you?
a good sense of paranoia is good, but it really can be distracting
sometimes...
