Using root CAs as a trusted 3rd party
mailinglisten at hauke-laging.de
Wed Jan 25 02:24:16 CET 2012
Am Dienstag, 24. Januar 2012, 22:10:35 schrieb Faramir:
> > This is why OpenPGP implementations have trust settings. If Bob
> > trusts Trent's assertions, then he can give Trent full trust and
> > Bob's implementation will believe that Alice's key belongs to
> > Alice. There's no need to sign the key.
> But Charly doesn't have Trent's key in his keyring, he doesn't even
> know about Trent. So if Bob doesn't sign Alice's key, Charly won't
> consider it valid. He will see the signature issued by an unknown key
> (Trent's), and that is all.
You completely change the semantics and use of the web of trust. IMHO that
cannot be good.
Charly can check all keys of the unknown signatures. After downloading Trent's
key he finds Bob's signature and can make a decision about the trust path.
Network systems like the web of trust can only work of all (or: most) people
act in the same way. Do you suggest that every key gets 90 instead of (I
guess) today's 10 because everyone signs his (trustedly) indirect contacts?
Without any chance to tell direct and indirect signatures apart?
What about revocations? Let's assume that Trent revokes his signature for
Alice. Is Bob going to check that regularly? Probably not. Then Charly would
trust the key due to Bob's signature though Bob himself does not trust it any
more! At least not when thinking about it. And as Bob's signature does not
even tell a third party which direct(?) signature made him certify the key,
the third party cannot check whether the respective certification has been
This behaviour would kill both trust depth and signature counting. A
configuration like "Trust the key if it has five maginally trusted
certifications" does not make any sense any more if one signature can become
five that easily by everyone making indirect certifications. How can Bob know
whether Trent has really verified the key or just certified it because he
found a signature by Peter?
This is neverending. In the end probably every key in the wild would be
certified by ALL active keys. Why? Because most OpenPGP users should be
connected somehow (no matter how many levels in between) and the result of
such behaviour would be a flat signature space. Terrible. The value of a
signature would drop to nearly zero (without checking for a policy URL and the
policy description there).
Is that what you want?
This would not be a problem at all if the meaning of a certain signature would
be clear. As I mentioned several times in earlier threads I would love to have
a standard set of detailed signature notations for explaining the meaning of a
certification (because applications could be configured to treat standardized
notations differently). One of the notations could be direct vs. indirect.
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users