gpg for anonymous users - Alternative to the web of trust?

adrelanos adrelanos at riseup.net
Fri Mar 29 19:17:42 CET 2013


Forlasanto:
> On 3/29/2013 9:38 AM, adrelanos wrote:
>>> Forgive me for saying so, but for something as high-profile as a linux
>>> distro, using a pseudonym for signing the distro for the sake of
>>> anonymity doesn't sound like a great plan.
>> What's the alternative? Using my real identity? Does it make it any safer?
> Using your real identity would be the alternative. The trade-off is
> easier key signatures vs. identity obscurity.

> It would only be safer in
> the sense that there won't be a scandal when/if your identity is
> uncovered.

Why would that be a scandal? I've never claimed to be superior or perfect,
or otherwise acted arrogant about being super secure. Nor did I claim
Whonix to be an unbreakable system. The claims the system makes are
modest. Discovering me as a high-profile target (if I become that) would
only demonstrate the limits of the system, show mistakes one can make
and/or show which improvements are waiting to get implemented.

If one system fails, another one may be born, and I am glad if I can be
a part of this process of innovation.

I think things like NSAKEY [1] ought to be more of a scandal; not many
people cared, did they?

> Odds are, it won't be a big deal to many people,
> realistically--but you never know what the future holds, right?

Yes.

> As long
> as you are comfortable with any possible future implications, then go
> for it.
> 
>>
>> I am more interested in development and documentation rather than
>> building binaries, testing and uploading. Having deterministic builds
>> and/or some credible individual or organization (such as the EFF)
>> creating binaries, signing and distributing them would be more than
>> welcome, but at the moment there is no implication that someone will
>> step forward.
>>
> 
> The web of trust is simply a conventional way for people to judge how
> trustworthy your key is. Nothing more, nothing less. If you can
> establish that trust some other way, then don't worry so much about the
> web of trust. That's my opinion. No one is going to beat down your door
> to sign your key, you'll have to ask them to do so. You can go to
> key-signing parties and explain that your only purpose for the key is
> signing the distro, and you'll probably get a few takers. The
> alternative is, have an online keysigning party with all of the
> developers of your distro, and everybody signs everyone else's key.
> 
> Or alternately you, as the distro manager, sign the keys of all your
> lieutenants, and then they sign yours, plus all of their subordinates.
> Then your key signatures would match your chain of command, and it would
> actually work the way a web of trust is supposed to work. (that is, even
> though you might not know their subordinates, you trust your
> lieutenant's signatures, and therefore can consider their subordinates'
> keys to be valid.) At that point, as far as the outside world is
> concerned, you are deeply connected to the project, and it is reasonable
> to trust that your key is valid, within its context. And /within/ the
> distro's community, your key would be pretty solidly trusted, I'd say.

Thanks for the suggestions. At the moment this won't work for my case,
there is just one maintainer (me) and users. The other creators remained
anonymous as well and lack time.

[1] https://en.wikipedia.org/wiki/NSAKEY
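The chain-of-command scheme Forlasanto describes (maintainer signs the
lieutenants and trusts them fully, lieutenants sign their subordinates,
so the subordinates' keys come out valid without the maintainer ever
having met them) is just GnuPG's classic trust model doing its job. The
script below is an added example written for this thread; it is not code
from GnuPG, from the list, or from the Whonix project. It is a simplified
re-implementation of the validity calculation, assuming GnuPG's defaults
(completes-needed=1, marginals-needed=3, max-cert-depth=5) and ignoring
expiry, revocation and trust signatures. All key names are constructed.

```python
"""Simplified model of GnuPG's classic (PGP) trust model.

Added example, not code from GnuPG or from the Whonix project.
Assumes GnuPG's default parameters (completes-needed=1,
marginals-needed=3, max-cert-depth=5) and deliberately ignores key
expiry, revocation, trust signatures and per-key cert-depth limits.
Key names are constructed for illustration.
"""
from collections import defaultdict

# Ownertrust levels, named as GnuPG's "gpg --edit-key ... trust" menu names them.
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


class Keyring:
    def __init__(self):
        self.keys = set()
        self.signers = defaultdict(set)  # signed key -> keys that certified it
        self.ownertrust = {}             # key -> ownertrust level

    def add_key(self, key, ownertrust=UNKNOWN):
        self.keys.add(key)
        self.ownertrust[key] = ownertrust

    def sign(self, signer, signed):
        """'signer' certifies the identity on 'signed' (gpg --sign-key)."""
        if signer not in self.keys or signed not in self.keys:
            raise KeyError("both keys must be on the keyring")
        self.signers[signed].add(signer)

    def set_ownertrust(self, key, level):
        """How much we trust 'key' to certify others (gpg --edit-key trust)."""
        self.ownertrust[key] = level

    def validity(self, completes_needed=1, marginals_needed=3, max_cert_depth=5):
        """Return {key: is_valid}.

        A key is valid if it is ultimately trusted, or if it carries
        certifications from at least completes_needed valid keys with
        full (or ultimate) ownertrust, or from at least marginals_needed
        valid keys with marginal ownertrust.  Ownertrust on a key that is
        not itself valid counts for nothing.  Each round extends the
        certification path by one hop, so max_cert_depth rounds bound the
        path length from an ultimately trusted key.
        """
        valid = {k for k in self.keys if self.ownertrust[k] == ULTIMATE}
        for _ in range(max_cert_depth):
            newly_valid = set()
            for key in self.keys - valid:
                trusted_signers = self.signers[key] & valid
                fulls = sum(1 for s in trusted_signers
                            if self.ownertrust[s] in (ULTIMATE, FULL))
                marginals = sum(1 for s in trusted_signers
                                if self.ownertrust[s] == MARGINAL)
                if fulls >= completes_needed or marginals >= marginals_needed:
                    newly_valid.add(key)
            if not newly_valid:
                break
            valid |= newly_valid
        return {k: k in valid for k in self.keys}


def chain_of_command_example():
    """Maintainer -> lieutenants -> subordinates, as suggested in the thread."""
    ring = Keyring()
    ring.add_key("maintainer", ULTIMATE)           # our own key
    for lt in ("lt-a", "lt-b"):
        ring.add_key(lt)
        ring.sign("maintainer", lt)                # maintainer verified the lieutenants
        ring.set_ownertrust(lt, FULL)              # ...and trusts them to certify others
    for sub, lt in (("sub-a1", "lt-a"), ("sub-a2", "lt-a"), ("sub-b1", "lt-b")):
        ring.add_key(sub)
        ring.sign(lt, sub)                         # lieutenants certify their own people
    ring.add_key("friend-of-a1")                   # certified only by a subordinate
    ring.sign("sub-a1", "friend-of-a1")            # whose ownertrust was never set
    ring.add_key("stranger")                       # certified by nobody we know
    return ring.validity()


def marginal_example():
    """Three marginally trusted certifiers make a key valid; two do not."""
    ring = Keyring()
    ring.add_key("maintainer", ULTIMATE)
    for user in ("user-1", "user-2", "user-3"):
        ring.add_key(user)
        ring.sign("maintainer", user)              # valid: signed by the ultimate key
        ring.set_ownertrust(user, MARGINAL)
    ring.add_key("newcomer")
    for user in ("user-1", "user-2", "user-3"):
        ring.sign(user, "newcomer")
    ring.add_key("newcomer-2")
    ring.sign("user-1", "newcomer-2")
    ring.sign("user-2", "newcomer-2")
    return ring.validity()


if __name__ == "__main__":
    for name, result in (("chain of command", chain_of_command_example()),
                         ("marginal trust", marginal_example())):
        print(name)
        for key, ok in sorted(result.items()):
            print(f"  {key:14s} {'valid' if ok else 'NOT valid'}")
```

Two things worth noticing when you run it: "friend-of-a1" stays invalid
even though a valid key signed it, because a signature only carries
weight once you have set ownertrust on the signer, and "newcomer" only
becomes valid because all three marginal certifiers are themselves valid.
In real GnuPG the same numbers are the --completes-needed,
--marginals-needed and --max-cert-depth options, and the computed
validity is what "gpg --check-trustdb" recalculates. None of this
touches the anonymity question: a certification says the signer checked
that this key belongs to this (pseudonymous) user ID, nothing about who
that user is.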