Signing people with only one form of ID?

Nicholas Cole nicholas.cole at gmail.com
Sun Mar 2 11:00:56 CET 2008


On Sat, Mar 1, 2008 at 11:46 AM, Richard Hartmann
<richih.mailinglist at gmail.com> wrote:
> On Fri, Feb 29, 2008 at 6:40 PM, Brian Smith <brian at briansmith.org> wrote:
>
>
>  >  > The basic assumption is that a key signing is good and that
>  >  > you actually gain something from it.
>  >
>  >  That is the assumption that I am challenging.
>
>  You are not challenging the assumption, you are attacking the
>  implementation :)

Well, let me attack this problem from another position.  :-)

I think we need to remember what the purpose of a signature on an
OpenPGP key is.  It is there, first and foremost, to tell the computer
"Yes, you should be happy encrypting to this key", for the purpose of
avoiding Man in the Middle attacks.

(And - as an aside - the purpose of OpenPGP is to make email and other
electronic communication on the internet more secure).

One of the early mistakes I think the _documentation_ of PGP made was
to suggest that one day we might all live in a world where keys would
be selected automatically from keyservers, with no effort on the part
of the user, and with almost total security.  It is with such a dream
in mind that people set up key servers, go to key-signing parties and
the like, and start worrying about how many passports they need to see
before they sign a key.


Actually, such a world is probably not possible. But for private
users, most of the time, the most important thing is still to check
the fingerprint of the key with the intended recipient of secure
communications.  It is, actually, simple.

But that does not mean the web of trust is useless - far from it.
OpenPGP lets you represent all sorts of trust models: you can choose to
trust the root key of a company, university or computer software
project, and thereby "trust" all of the people involved in that
organisation, for example.

But I've never been convinced that the search for the "right" level of
id to demand before signing a key is right, nor that going to random
keysignings is very useful.

OpenPGP can only represent "trust" that already exists.  And the truth
of the matter is that if I have just met a chap in a bar, I am
unlikely to "trust" him to sign any more keys for me, no matter how
much he tells me he always looks at passports.  So even if I signed
his key, I probably wouldn't then trust him to sign other keys that I
depended upon.

Sorry - that was rather more than I meant to write.  Take home
message: use OpenPGP to represent "trust" relationships that make
sense for your situation, and don't worry about an ideal standard,
because one doesn't exist, shouldn't exist, and probably couldn't ever
exist.  ;-)

(I am reminded of this cartoon:  http://xkcd.com/386/ )

Best,

N
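The out-of-band fingerprint check the message recommends, as an added shell example that is not part of the thread: it normalises a fingerprint read to you by the recipient and compares it with the primary-key fingerprint gpg reports in `--with-colons` format. The colon-format sample and its key material are constructed for offline use, not a real key.

```shell
#!/bin/sh
# Added example (not from the Gnupg-users thread). Assumes gpg is installed for
# live use; for offline demonstration the colon-format output is constructed
# inline in sample_colons() and is not a real key.

# Strip spaces/tabs and upper-case, so "ab12 cd34" and "AB12CD34" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr '[:lower:]' '[:upper:]'
}

# Print the primary-key fingerprint: the first "fpr" record after the "pub"
# record in gpg --with-colons output read from stdin (field 10 holds it).
primary_fpr_from_colons() {
    awk -F: '$1=="pub"{want=1;next} want && $1=="fpr"{print $10; exit}'
}

# Return 0 only when the out-of-band fingerprint is a full 40-hex-digit v4
# fingerprint and equals the one gpg reported; anything else is a mismatch.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$2")
    if [ "${#expected}" -eq 40 ] && [ "$expected" = "$actual" ]; then
        return 0
    fi
    return 1
}

# Constructed sample of gpg --with-colons --fingerprint output (not a real key).
sample_colons() {
    cat <<'EOF'
tru::1:1204365656:0:3:1:5
pub:-:2048:1:0123456789ABCDEF:1204365656::-:::scESC::::::
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1204365656::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example User <user at example.org>:
sub:-:2048:1:FEDCBA9876543210:1204365656::::::e::::
fpr:::::::::AAAA111122223333444455556666777788889999:
EOF
}

# Live use would be: gpg --with-colons --fingerprint "$KEYID" | primary_fpr_from_colons
check_sample() {
    reported=$(sample_colons | primary_fpr_from_colons)
    fpr_matches "$1" "$reported"
}
```

Only the primary-key fingerprint is compared; the subkey's `fpr` record is deliberately skipped, since that is not what a correspondent reads out.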



More information about the Gnupg-users mailing list