Using root CAs as a trusted 3rd party

Hauke Laging mailinglisten at hauke-laging.de
Wed Jan 25 02:24:16 CET 2012


On Tuesday, 24 January 2012, 22:10:35, Faramir wrote:

> > This is why OpenPGP implementations have trust settings.  If Bob
> > trusts Trent's assertions, then he can give Trent full trust and
> > Bob's implementation will believe that Alice's key belongs to
> > Alice.  There's no need to sign the key.
> 
>   But Charly doesn't have Trent's key in his keyring, he doesn't even
> know about Trent. So if Bob doesn't sign Alice's key, Charly won't
> consider it valid. He will see the signature issued by an unknown key
> (Trent's), and that is all.

You completely change the semantics and use of the web of trust. IMHO that 
cannot be good.

Charly can check all keys of the unknown signatures. After downloading Trent's 
key he finds Bob's signature and can make a decision about the trust path.

Network systems like the web of trust can only work if all (or: most) people 
act in the same way. Do you suggest that every key gets 90 instead of (I 
guess) today's 10 because everyone signs his (trustedly) indirect contacts? 
Without any chance to tell direct and indirect signatures apart?

What about revocations? Let's assume that Trent revokes his signature for 
Alice. Is Bob going to check that regularly? Probably not. Then Charly would 
trust the key due to Bob's signature though Bob himself does not trust it any 
more! At least not when thinking about it. And as Bob's signature does not 
even tell a third party which direct(?) signature made him certify the key, 
the third party cannot check whether the respective certification has been 
revoked.

This behaviour would kill both trust depth and signature counting. A 
configuration like "Trust the key if it has five marginally trusted 
certifications" does not make any sense any more if one signature can become 
five that easily by everyone making indirect certifications. How can Bob know 
whether Trent has really verified the key or just certified it because he 
found a signature by Peter?

This is neverending. In the end probably every key in the wild would be 
certified by ALL active keys. Why? Because most OpenPGP users should be 
connected somehow (no matter how many levels in between) and the result of 
such behaviour would be a flat signature space. Terrible. The value of a 
signature would drop to nearly zero (without checking for a policy URL and the 
policy description there).

Is that what you want?


This would not be a problem at all if the meaning of a certain signature were 
clear. As I mentioned several times in earlier threads I would love to have 
a standard set of detailed signature notations for explaining the meaning of a 
certification (because applications could be configured to treat standardized 
notations differently). One of the notations could be direct vs. indirect.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
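A toy model of the signature-counting and revocation problem described above, added here as an illustration; it is not code from the list or from GnuPG, and the keys, trust levels and the `indirect` flag (standing in for the proposed direct-vs-indirect notation) are constructed assumptions:

```python
from dataclasses import dataclass, field

FULL, MARGINAL, NONE = "full", "marginal", "none"   # owner-trust levels
@dataclass(frozen=True)
class Cert:
    signer: str             # certifying key
    subject: str            # certified key
    indirect: bool = False  # constructed flag: signer relied on someone else's cert
    revoked: bool = False

@dataclass
class Keyring:
    owner: str                                      # ultimately trusted key
    ownertrust: dict = field(default_factory=dict)  # key -> FULL / MARGINAL / NONE
    certs: list = field(default_factory=list)

    def valid_keys(self, marginals_needed=3, count_indirect=True):
        """Keys valid for this keyring: one full or `marginals_needed` marginal
        certifications from signers that are themselves valid. Revoked certs
        never count; with count_indirect=False indirect ones are ignored too."""
        valid, changed = {self.owner}, True
        while changed:  # iterate to a fixpoint, like a trustdb rebuild
            changed = False
            for subject in {c.subject for c in self.certs} - valid:
                fulls = margs = 0
                for c in self.certs:
                    if (c.subject != subject or c.revoked or c.signer not in valid
                            or (c.indirect and not count_indirect)):
                        continue
                    level = FULL if c.signer == self.owner else self.ownertrust.get(c.signer, NONE)
                    fulls += (level == FULL)
                    margs += (level == MARGINAL)
                if fulls >= 1 or margs >= marginals_needed:
                    valid.add(subject)
                    changed = True
        return valid

def thread_scenario():
    """Constructed from the thread: Charly marginally trusts Bob, Dave and Eve. Only
    Trent checked Alice's key; the others certified it because they saw Trent's
    signature. Trent later revokes, nobody else re-checks."""
    kr = Keyring("Charly", {"Bob": MARGINAL, "Dave": MARGINAL, "Eve": MARGINAL})
    kr.certs += [Cert("Charly", s) for s in ("Bob", "Dave", "Eve")]  # Charly met them
    kr.certs.append(Cert("Trent", "Alice"))                          # the one real check
    kr.certs += [Cert(s, "Alice", indirect=True) for s in ("Bob", "Dave", "Eve")]
    before = "Alice" in kr.valid_keys()
    kr.certs[3] = Cert("Trent", "Alice", revoked=True)  # Trent withdraws
    after = "Alice" in kr.valid_keys()
    strict = "Alice" in kr.valid_keys(count_indirect=False)
    return before, after, strict  # (True, True, False)
```

One verification by an unknown key becomes three marginal certifications that satisfy the threshold, and Trent's revocation changes nothing for Charly; only when indirect certifications are distinguishable and discounted does the inflation disappear.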