trust your corporation for keyowner identification?

Leo Gaspard ekleog at
Wed Nov 6 23:28:35 CET 2013

(Sorry, failed again to reply to the list, so you probably have this message
twice again.)

On Tue, Nov 05, 2013 at 05:32:38PM -0800, Paul R. Ramer wrote:
> >On Tuesday 5 November 2013 at 11:03:19 PM, in
> ><mid:52797937.5090404 at>, Paul R. Ramer wrote:
> >
> >> But if you sign it with an exportable
> >> signature, you are saying to others that you have
> >> verified the key.
> >
> >In the absence of a published keysigning policy, isn't that an
> >assumption?
> Signing is to be an attestation to the validity of the key. [...]

Well, thus my reasoning (last message) allows me to prove that I can have the
same level of confidence in Key 2 than in Key 1, even though I have not done
again all the steps of verification.

Thus, signing being an attestation of the validity of the key (I assume you
meant of the confidence in the validity of the key), why should one sign Key 1
and not Key 2 ?

For the same reason, signing (and exporting signatures) based on people I
blindly trust is not an issue to me. (I know, I just released the troll.)
Because if I blindly trust these persons, I believe with absolute certainty that
the person is who (s)he says (s)he is. And so I can announce this certainty by
signing the key. (I use the term blindly to mean even more than the technical
"ultimately", as this one could be expressed using trust signatures. Just really
blindly trust, as when you would let them to decide your fate, knowing they
could be better off by sending you to hell.) Of course, if I sign the key only
because it is validated through technical means, not by hand-checking for a
signature from a blindly trusted owner, I would never sign that other key.

The fact that others could get just the same effect by twisting their WoT
parameters is not an issue to me. Firstly, because there are few trust
signatures (according to best practices I read, that said trust signatures are
mainly made for closed-system environments), so WoT rarely expands outwards of
one signature by someone you know. But mostly because signing is an attestion of
your belief someone is who (s)he is. Thus, if you believe someone is who the UID
states (s)he is as much as if you met him/her in person and followed the whole
verification process, I would not mind your exporting signatures of the key.

And saying that it allows the blindly trusted person to force you to see a key
as validated through three persons you marginally trust is meaning nothing to
me. Indeed, these three persons are all asserting they believe with certainty
that the key owner is who (s)he says (s)he is. That all used the same
information source is just commonly done.

Indeed, how do you check an identity ?
 * Name : Passport. Any government could make a passport as wanted, not even
          speaking about forgery. Thus everyone you know who signed some UID
          probably based their verification work on a single passport.
 * Comment : Depends of the comment. For "CEO company X", it is probably based
             on public archives. Them referring to a person by his/her name, any
             forged passport also means forged name.
 * Email : Probably a mere exchange of emails. Thus, anyone doing MitM could
           intercept the exchange and reply so as to make you validate the key,
           and even without MitM, the email provider could do as well.
Every time, the certainty of the UID element is heavily dependent on other's
work. Thus, why should we refuse to base our work on other's signatures ?
(*assuming* you believe in the UID validity as much as you would have done using
full verification)

I just found a "counter-example" : in case the message (signed by Key 1) telling
owner of Key 1 is owner of Key 2 is signed by a subkey, which might have been
compromised. However, I assumed such a message would only be sent signed using
the master key, as it must be totally relied upon. Thus, anyone able to forge
such a message would be able to forge any message using the master key, and
especially to add new encryption subkeys... Thus, such a scenario is not a
threat IMHO.



More information about the Gnupg-users mailing list