trust your corporation for keyowner identification?

Peter Lebbing peter at digitalbrains.com
Thu Nov 7 11:48:07 CET 2013


On 06/11/13 23:28, Leo Gaspard wrote:
> The fact that others could get just the same effect by twisting their WoT 
> parameters is not an issue to me. Firstly, because there are few trust 
> signatures (according to best practices I read, that said trust signatures 
> are mainly made for closed-system environments), so WoT rarely expands 
> outwards of one signature by someone you know.

Let's leave trust signatures out of the equation; it makes it a lot more
complicated and they are rarely used. I also don't see the relation between the
statements in this quote here.

> But mostly because signing is an attestation of your belief someone is who 
> (s)he is. Thus, if you believe someone is who the UID states (s)he is as
> much as if you met him/her in person and followed the whole verification
> process, I would not mind your exporting signatures of the key.

I get the feeling you're partly responding to my adamant statements earlier, but
you're confusing the situation I was responding to.

I think you're saying: Person X tells me their key is K1. I blindly trust person
X, and I know for a fact that person X was the one who told me K1 is his key.
That is, you were in the same room, or you recognised their voice on the
telephone, or something similar. This is acceptable to many people as a
verification.

But this is not the situation I was talking about. It's this:

Person X (having key K1) has signed key K2, asserting that it is held by Y.
Since you blindly trust X, you can assign him full (or hell, ultimate if you
prefer) ownertrust, and key K2 is valid for you. You don't need to sign K2
anymore, because it is already valid since you expressed your trust to GnuPG,
and GnuPG uses it to validate that it belongs to Y.

Now, what Stan Tobias appeared to want is to sign key K2 himself, probably to
express to others in the Web of Trust that he believes K2 to be valid. But this
doesn't add any additional verification of key validity to the Web of Trust;
it's noise, because anyone else can look at the signature made by X and decide:
I trust X fully as well. They assign full trust to X, and K2 becomes valid.

Let's get back to ownertrust: in the Web of Trust, ownertrust is an expression
of how well you think other people verify identities before they sign a key. If
you sign key K2 based on X's signature, you haven't verified Y's identity.
You've probably verified X's identity, but not Y's. So you shouldn't sign K2.

You might believe Y when he or she walks up to you and says: my name is Y and K2
is my key. But that is not what happened; X said: K2 is Y's key. Y didn't say
anything to you, let alone that you verified it was actually Y talking. That's
the absolutely necessary part of verification: you believe that it was actually
Y that told you K2 is theirs. Just believing K2 is Y's key is not verification;
it's key validity.

I'll give an example.

In the Web of Trust, key validity is a thing that can gradually build up until
it passes a certain point where we say: I have so much proof that it appears to
be valid, that I conclude it's, within reason, valid. This is why you have
"completes needed", "marginals needed", and "max cert depth". The latter says:
once we pass a certain depth, my proof of identity becomes so indirect I don't
wish to trust that information anymore. I will paint a picture with the default
settings, completes 1, marginals 3, max depth 5.

Suppose A has signed B. There are three people C, D and E, who have full trust
in A. They do what I'm arguing against: they sign key B as well, based on their
trust of A.

Now I come along. I actually have key A valid as well, but quite indirectly: it
is at level 4. I know A, but ownertrust is very personal. I think A does an okay
job of verifying identities, but not to the rigorous level I personally demand.
I work with pretty sensitive stuff, and my standards are high (I'm painting a
picture here, not describing reality). So I assign him marginal ownertrust. Now
what I would expect is that I need some more signatures, and B will become
valid at level 5, the level where I have configured GnuPG to say: okay, this is
deep enough, I will not take into account B's signatures on other keys because
the proof becomes too indirect.

However, I also know C, D and E, signed their keys and assigned them marginal
ownertrust because I was under the impression they also verify identities pretty
well. I don't know that they go around signing keys based on other people's
signatures.

C, D and E are thus at level 1 in my web. They all signed B's key, so I think:
that's reasonable proof that B is valid. Not only do I think that, so does
GnuPG. It leads to B's key being valid at level 2. B can have another few levels
of indirection before I consider the path too long. In fact, for signature paths
through B, it effectively just changed my "max cert depth". B belongs at level
5, because the proof of validity is very indirect in my *own* web, but he's at
level 2, so my "max cert depth" has effectively become 8 instead of 5 for paths
through B.

Furthermore, what does my Web of Trust seem to imply? It implies that 3
reasonably trustworthy people all individually certified B's identity. That's a
fair amount of proof that the identity is correct. More eyes have seen the
passport or more people have known B for very long.

What is actually the case? This one person, A, whom I somewhat trust, has
certified B's identity. It's almost as if I'd set my "marginals needed" to 1,
because no more verification has ever been done of B's identity.

This is why I am adamant that you should not sign based on other people's
certifications. You are muddling my view, and I think I'm basing validity on one
thing whereas I'm accidentally basing it on something else. I have keys on my
ring that are valid, even though they did not pass my personal demands of
verification.

Lying was also brought into the discussion, as if that changes things. We are
talking about trust here; I'm making a mistake when I assign ownertrust to a
liar, but that in no way implies that it's okay to sign keys without verification.

When I find out people lie about their verifications, I set those people to "I
do NOT trust". When I find out people sign keys they haven't verified, I set
those people to "I do NOT trust".


The rest of your message about how you check an identity is a different topic
altogether. But let me say this: when I sign a UID, I primarily sign the name.
I prefer there's no comment, so I don't have to think about that, and ownership
of an e-mail address is an interesting topic. Who owns l.gaspard at yourisp.com?
You or your ISP? Both? Neither? If you wish to debate about how you check an
identity, please create a separate thread, because it is a different topic.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
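The scenario with A, B, C, D and E above can be worked through numerically. What follows is an added example written for this archive page, not code from the thread or from GnuPG: a deliberately simplified model of GnuPG's classic trust model ("completes needed", "marginals needed", "max cert depth") run over a constructed keyring. The chain me -> P1 -> P2 -> P3 -> A is an assumption that puts A at depth 4 as in the email; keys P1, P2, P3 and F are invented for the illustration.

```python
from collections import defaultdict

# Ownertrust levels as used in the classic GnuPG trust model.
ULTIMATE, FULL, MARGINAL = "ultimate", "full", "marginal"


def compute_validity(signatures, ownertrust, completes_needed=1,
                     marginals_needed=3, max_cert_depth=5):
    """Return {key: depth} for every key that ends up valid.

    signatures: dict mapping a signer key to the set of keys it has certified.
    ownertrust: dict mapping a key to ULTIMATE, FULL or MARGINAL; keys that are
                absent have no ownertrust and never contribute certifications.

    Simplified model of GnuPG's classic trust model (constructed for this
    example, not GnuPG's own code): ultimately trusted keys are valid at
    depth 0; in each round the certifications made by valid keys that carry
    ownertrust are counted, and a key becomes valid at depth+1 once it has
    enough full or marginal certifications. Keys that only reach
    max_cert_depth are valid, but their own certifications are never used.
    """
    valid = {k: 0 for k, t in ownertrust.items() if t == ULTIMATE}
    for depth in range(max_cert_depth):
        contributors = [k for k, d in valid.items()
                        if d <= depth and k in ownertrust]
        full_count, marginal_count = defaultdict(int), defaultdict(int)
        for signer in contributors:
            counter = (full_count if ownertrust[signer] in (ULTIMATE, FULL)
                       else marginal_count)
            for signed in signatures.get(signer, ()):
                if signed not in valid:
                    counter[signed] += 1
        newly_valid = {k for k in set(full_count) | set(marginal_count)
                       if full_count[k] >= completes_needed
                       or marginal_count[k] >= marginals_needed}
        if not newly_valid:
            break  # nothing new at this depth means nothing new later either
        for k in newly_valid:
            valid[k] = depth + 1
    return valid


def honest_ring():
    """Constructed keyring: me -> P1 -> P2 -> P3 -> A puts A at depth 4 as in
    the email. Only A has certified B; B has certified an invented key F."""
    signatures = {
        "me": {"P1", "C", "D", "E"},
        "P1": {"P2"}, "P2": {"P3"}, "P3": {"A"},
        "A": {"B"},
        "B": {"F"},
    }
    ownertrust = {"me": ULTIMATE, "P1": FULL, "P2": FULL, "P3": FULL,
                  "A": MARGINAL, "C": MARGINAL, "D": MARGINAL, "E": MARGINAL,
                  "B": FULL}
    return signatures, ownertrust


def muddled_ring():
    """Same ring, but C, D and E have also certified B purely on the strength
    of A's signature, which is what the email argues against."""
    signatures, ownertrust = honest_ring()
    for k in ("C", "D", "E"):
        signatures[k] = {"B"}
    return signatures, ownertrust


def depth_of(ring, key, **params):
    """Depth at which `key` is valid in `ring`, or None if it never is."""
    return compute_validity(*ring, **params).get(key)


if __name__ == "__main__":
    for name, ring in (("honest", honest_ring()), ("muddled", muddled_ring())):
        print(name, compute_validity(*ring))
    # Honest ring with "marginals needed" lowered to 1: B becomes valid at
    # depth 5 and is a dead end, so F still does not become valid.
    print("honest, marginals_needed=1",
          compute_validity(*honest_ring(), marginals_needed=1))
```

In the honest ring, A is valid at depth 4 and B is not valid at all, because a single marginal certification is not enough. In the muddled ring the three signatures from C, D and E (all at depth 1) make B valid at depth 2, and since B carries ownertrust its certification of F is then used, so F is valid at depth 3; the only real verification behind all of that is still A's. Lowering "marginals needed" to 1 on the honest ring reproduces the email's other point: B becomes valid at depth 5, the configured maximum, and its certifications go no further.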
