hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sat Mar 12 22:23:08 CET 2011



On Saturday 12 March 2011 at 8:22:06 PM, in
<mid:4D7BD5EE.80301 at sixdemonbag.org>, Robert J. Hansen wrote:

> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.

> Yes, in fact, they do.

> In my past, there's an ex-CEO whom I'll just call
> "Ben."  Ben made some really astonishingly bad
> decisions that put him in prison for eighteen months,
> and left me with a permanent distrust for him.  If I
> see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?

> Of course not.

Presumably GnuPG factors this into the trust calculations by virtue of
the trust level you have assigned to Ben's key, not by parsing his
User IDs.

> Trust is not transitive.  If A trusts B and B trusts C,
> there is no requirement that A trusts C.

In real life, true. But what about the GnuPG default of trusting a key
that carries certifications from 1 fully trusted or 3 marginally
trusted keys? Unless you manually inspect each trust path, how would
you spot unknown keys from past real-life associates you distrusted?

> In fact, if
> it turns out A knows C, transitivity can break
> completely.

Indeed, if you know that a certificate belongs to somebody you
actually know, trust *calculations* are irrelevant. Of course you
might trust somebody's security procedures and keysigning policy but
wish to keep your valuables or your wife well away from him.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

A picture is a poem without words
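
The validity rule referred to in the message above (certifications from 1 fully trusted or 3 marginally trusted keys), as an added example that is not part of the original message and is not GnuPG's code. It assumes a simplified model with no depth limit, expiry or revocation; the key IDs and function names are hypothetical.

```python
# Simplified model of the classic web-of-trust validity rule (an assumption,
# not GnuPG's source): a key is valid if it is certified by COMPLETES_NEEDED
# valid fully trusted keys or MARGINALS_NEEDED valid marginally trusted keys.
COMPLETES_NEEDED = 1   # "1 fully trusted", as quoted in the message
MARGINALS_NEEDED = 3   # "3 marginally trusted", as quoted in the message


def valid_keys(own_key, ownertrust, certifications):
    """Return the set of key IDs considered valid.

    ownertrust:     {key_id: "full" | "marginal" | "never"}; missing = unknown
    certifications: iterable of (signer_id, signed_id) pairs
    The inputs are key IDs and trust levels only; no User ID text is read.
    """
    certs = set(certifications)
    valid = {own_key}                      # own key is ultimately trusted
    changed = True
    while changed:                         # iterate until nothing new validates
        changed = False
        full, marginal = {}, {}
        for signer, signed in certs:
            if signer not in valid:
                continue                   # certifications by non-valid keys are ignored
            level = "full" if signer == own_key else ownertrust.get(signer)
            if level == "full":
                full[signed] = full.get(signed, 0) + 1
            elif level == "marginal":
                marginal[signed] = marginal.get(signed, 0) + 1
        for key in (set(full) | set(marginal)) - valid:
            if (full.get(key, 0) >= COMPLETES_NEEDED
                    or marginal.get(key, 0) >= MARGINALS_NEEDED):
                valid.add(key)
                changed = True
    return valid


# Constructed sample data: these key IDs are made-up placeholders.
ME, FRANK, BEN, CAROL = "0xME", "0xFRANK", "0xBEN", "0xCAROL"
CERTS = [(ME, FRANK), (FRANK, BEN), (BEN, CAROL)]


def demo(ben_trust):
    """Valid keys when Frank is fully trusted and Ben has the given ownertrust."""
    return valid_keys(ME, {FRANK: "full", BEN: ben_trust}, CERTS)
```

In this model, setting Ben's ownertrust to "never" leaves his key valid through Frank's certification but stops his certification of 0xCAROL from counting.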

