Questions about generating keys
Robert J. Hansen
rjh at sixdemonbag.org
Sat Aug 25 23:15:08 CEST 2007
Oskar L. wrote:
> The point of certificates is for you to be able to verify that you
> are on the site you think you are, and not a fake one.
Yes--which involves trust. Do you trust the certificate authority? Do
you trust that the site in question isn't trying to scam you? Etc., etc.
Trust lies at the root. Always.
> To say that a site isn't authentic because you don't trust the
> information on it or the people that run it makes little sense.
If I actively distrust the people who are providing me with information,
that's much more fundamental than actively distrusting the information
itself. Failing to trust information because I actively distrust the
people involved in its production and conveyance makes a heck of a lot
of sense to me.
And without that fundamental trust, there is no possible authentication.
Trust lies at the root. Always.
> Is politician X's site authentic because we agree with him/her, but
> politician Y's is not, because we disagree with him/her?
If you think disagreeing with someone is the same thing as actively
distrusting them, I feel sorry for you. It is a very poor way to live.
> Mallory can never be unauthentic, only someone pretending to be her
> can.
Clearly, I've had the misfortune of knowing worse sociopaths than you have.
> Anyone can tell you they are Trevor. If you visit him authentication
> is easy, you recognize him by his looks, the sound of his voice etc.
> Crypto makes authentication over the Internet possible.
How do you know he's Trevor?
How do you know he is who he says he is? How do you know he's not
impersonating someone named Trevor?
How do you know you're not being taken for a ride?
How do you know you can trust yourself?
> "I just do, all right?"
>
> That's not a good answer. It offers no facts or logical reasoning.
Great. Prove that you exist. Offer facts and logical reasoning that
affirms your own existence. Keep in mind that you can't argue using
facts from existence itself, since that reduces down to an assumption of
a fact not in evidence--that existence exists.
Philosophers have been wrestling with this for a few thousand years,
from Rene Descartes' brain-in-a-jar to Gregory Chaitin's holographic
universe to--I'm blanking on his name, but a philosopher was once asked
to refute solipsism and did so by kicking a rock very hard. While
hopping around on one foot and cursing, he exclaimed "I refute it thus!"
Epistemological reasoning aside, declarative truth lies at the root of
every piece of inductive logic. In mathematics, they are called axioms.
Take Euclidean geometry as an example: take the most convoluted
construction in Euclidean geometry and you will reduce it down to the
handful of axioms Euclid declared, such as "parallel lines never intersect".
Why do parallel lines never intersect? Because Euclid declared they
never intersect. Declarative truth--an axiom.
By definition, axioms offer neither facts or logical reasoning. They
simply exist. "I just do, all right?!" is the root axiom of trust.
> If a company tells you their products are the best, and you ask them
> why, would you be satisfied if they answered "they just are, all
> right?"
Why do you think that authenticity is universal?
It's not. You don't get any say over whom I trust or to what degree.
That has some real significance for signatures.
Alice: You can trust this message from Charlene. She signed it.
Bob: Err--why should I trust her signature?
Alice: Because I verified her key. So the message has a sig, the sig
came from a key, the key has sigs on it, each sig came from a
key, one of those keys is mine. Perfect chain of trust. There,
see? Charlene's message is authentic.
Bob: ... who are you, and why do I care if your signature is on
Charlene's key?
Alice: ...
Bob: ...
Alice: ...
Bob: Right. Well, have a nice day!
Trust is a very personal decision. If I choose to be satisfied by the
company's declaration, that's my business. If I choose not to be
satisfied, that's my business.
> "I believe X to be authentic, because I note it has Y which vouches
> for it."
>
> That's logical reasoning, but leaves the question of why you trust Y
> unanswered.
Yes. Inductive proofs are like that. You reason by inductive steps
until you reach a basis case. It's rather a lot like my instructions
for how to climb down a ladder:
1. If you're on the ground, stop.
2. Otherwise, move down a rung and climb down from there.
The fact that inductive cases are not basis cases--and likewise, the
fact that basis cases tend to be axiomatic--is so obvious that I'm
having great trouble seeing what you're getting at.
> -This thing is authentic, because I have verified it myself.
You're begging the question.
Why is it authentic? Because you've verified it yourself. Why does
that make it authentic? Because you trust yourself. Why do you trust
yourself? Because you just _do_, all right?
> My ability to look at the fingerprint on a paper, and compare it to
> the on on the screen, is something I'm completely sure I'm capable of
> doing correctly, so therefore I call a key I have verified authentic,
> not trusted.
You're trusting that you're not suffering from untreated schizophrenia
or other mental illnesses that would massively impair your ability to
make rational judgments.
You're trusting your eyes.
You're trusting that your PC is displaying the information accurately.
Your trust here is so implicit that you deny it even exists--but trust
lies at the root. Always. If root trust is not present, there is no
possibility of authentication. Ever.
... At this point, Oskar, I have explained this as thoroughly as I can.
In fact, I think I've probably overexplained it substantially, and in
the process annoyed the living daylights out of several people on this
list who just wish this thread would end.
I am not going to respond to this any further. Please take your last
shot at it and let's put this to bed so that the list can return to its
usual state of happy quiescence.
More information about the Gnupg-users
mailing list