trust your corporation for keyowner identification?

Leo Gaspard ekleog at gmail.com
Thu Nov 7 20:10:11 CET 2013


On Thu, Nov 07, 2013 at 07:21:28PM +0100, Peter Lebbing wrote:
> On 2013-11-07 17:09, Leo Gaspard wrote:
> >If I understood correctly, the depth parameter you are talking about
> >is useless, except in case there are trust signature. And you agreed with
> >me for
> >them to be taken out of the equation.
> 
> Of course it's not useless. You seem to misunderstand the Web of Trust.
> 
> I'll give an example.
> 
> I know and trust the people A, B, C, D and E. A has signed B, B has signed
> C, C has signed D, D has signed E, and E has signed F. I meet up with A,
> verify their identity, and sign their key. I assign ownertrust to A, B, C, D
> and E. Et voilà, the keys A, B, C, D and E are all valid, without me needing
> to meet up with my other friends to verify their key details. A is at level
> 1, B at 2, C at 3, D at 4, and E at 5. Unfortunately, F won't get valid
> because it is at level 6.

Indeed, I never thought someone would assign ownertrust without verifying the
key. Please accept my apologies.

However, I still believe that, under the condition any ownertrusted key has been
verified (which, I assumed, was commonplace, but I was apparently wrong), the
depth parameter is useless.

> Now suppose C signs F as well. F is now at level 4, so it becomes valid.
> However, I don't trust F, so even if F now signs G, G won't become valid.
> 
> Signatures indicate verification, not trust or belief. Trust is in your
> trust database or in trust signatures, but the latter are not commonly used.
> Belief is expressed in validity calculated from your trust database and
> signatures. I don't know if you can choose to disagree with GnuPG, that is,
> if you don't believe a key is valid even though GnuPG calculated that it is.

I'm sorry, I think I gave too much importance to your earlier statement
("Signing is to be an attestation to the validity of the key."), incorrectly
deducing from it that signatures indicates that you should sign whenever you
believe a key is correct as much as if you met in person

> I could get back to all the other points you raise, but I think it's a waste
> of time when you have reasoned from the standpoint that to get a key to be
> valid, you need to sign it, and that is how it looks to me.
> 
> It's not much of a Web when you don't have any depth... it's more of two
> intertwined strands then ;).

I think this time, you gave too much importance to some of my sentences. Or
maybe was I too bad at making myself understood.

Anyway, I meant I should sign a key whenever I believe a key to be valid as much
as if I met with the keyowner. Which, of course, does not equates with merely
believing a key is valid. Indeed, on the WoT, one is rarely sure of the quality
of signatures. (Indeed, I believe(d) full ownertrust must be quite rare., for
that same reason ; but I am probably wrong.)

And, now I know assigning ownertrust to not-personnally-checked keys is
relatively common, I know I should not sign keys based on other people's
verification.

However, to come back to the initial problem, I still believe the key change
problem (ie. owner of K1 switchs to K2) does not require re-verifying ownership
etc. (BTW, isn't this also why transition statements, like
https://we.riseup.net/assets/77263/key%20transition were written ?)

But I still wonder how one should deal with key duplication (ie. owner of K1 now
has a second key K2)...

> HTH,
> 
> Peter.
> 
> PS: My ownertrust for E is useless for now, because he/she is at level 5.
> However, if I get a shorter path to him or her later, it will become useful
> then.

Anyway, thanks for you detailed explanations about the WoT !

Cheers,

Leo



More information about the Gnupg-users mailing list