trust your corporation for keyowner identification?

Leo Gaspard ekleog at gmail.com
Thu Nov 7 20:19:31 CET 2013


On Thu, Nov 07, 2013 at 01:40:22PM -0500, Daniel Kahn Gillmor wrote:
> On 11/07/2013 11:09 AM, Leo Gaspard wrote:
> >Except they do not have to know X, nor that he makes perfectly reasonable
> >decisions in signing keys.
> >
> >And I believe it's not noise. Let's make an example in the real world:
> >  * I would entrust X with my life
> >  * X would entrust Y with his life, without my knowing it
> >  * Thus, if I actually entrusted X with my life, why should I be frightened if X
> >    asked Y to take care of me? Provided, of course, X told me he was letting Y
> >    take care of me. After all, I would entrust X with my life, so I should just
> >    agree to any act he believes is good for me.
> >(That's what I called blind trust. Somewhat more than full trust, I believe.)
> 
> if we're talking about gpg's concept of "ownertrust", please do not muddy
> the waters with "entrust X with my life"?  gpg's "ownertrust" is much more
> narrow than that: it says "I am willing to rely on OpenPGP certifications
> made by the holder of this key".
> 
> "entrust with my life" is not simply a superset of all other trust.  I have
> friends who would take care of me if I was deathly ill.  I would place my
> life in their hands.  But they have never thought about how to do rigorous
> cryptographic identity certification, and I would not rely on their OpenPGP
> certifications.

Indeed, I thought of this case after having sent my email. Anyway, by "blind
trust", I did mean a superset of all trusts related to keysigning.

> >>Let's get back to ownertrust: in the Web of Trust, ownertrust is an expression
> >>of how well you think other people verify identities before they sign a key. If
> >>you sign key K2 based on X's signature, you haven't verified Y's identity.
> >>You've probably verified X's identity, but not Y's. So you shouldn't sign K2.
> >
> >So, is a signature a matter of belief in the validity of the key or of actual
> >work to verify the key?
> 
> An OpenPGP certification says "I believe that Key X belongs to the person
> identified by User ID U".  Most people would not want to make that statement
> publicly without having thought about it and convinced themselves somehow
> that it is true.  What it takes to convince each person may well vary, which
> is why we assign different ownertrust to different people.  When making a
> public assertion like an OpenPGP certification, it is also probably
> reasonable to ask what the parties involved (or the rest of the world) gains
> from making that statement. Just because you believe a statement to be true
> doesn't mean you need to make it publicly, with strong cryptographic
> assurances, and it may have bad consequences.
> 
> Also, consider that certifications are not necessarily forever.  If Alice
> relies solely on Carol's certification to believe that key X belongs to Bob,
> and Alice then certifies (Bob,X), what does Alice do if Carol revokes her
> certification?  If Alice doesn't pay attention and revoke her own
> certification, then she is announcing as fact to the world something that
> she should no longer believe to be true (assuming that she was relying only
> on Carol's certification for that belief). This sounds like an untenable
> maintenance situation I personally would rather avoid, which is why I do not
> make public certifications based solely on other people's certifications.

Indeed. I just backed off in my answer to Peter, by understanding why it was not
needed. However, I believe that for the initial problem (i.e. key change),
information provided by a signed message accompanied by a UID on the other key
is significant enough, and moreover definite, so I would not be bothered signing
such a new key (of course, also revoking the signature on the old key).

> >If I understood correctly, the depth parameter you are talking about is useless,
> >except in case there are trust signature. And you agreed with me for them to be
> >taken out of the equation.
> 
> The depth parameter is useful even without trust signatures.  Peter Lebbing's
> response upthread describes the scenario.

Indeed. Thanks for your answer, clarifying once again what signatures mean! (I
know, I'm slow to understand, but I think I'm OK now.)

Cheers,

Leo
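
As an added example that is not part of this thread and is not GnuPG's own code, the Python below models the validity computation the exchange above is about: ownertrust as a purely local setting that says nothing about other kinds of trust, certification chains that grow without any trust signature as long as the user keeps assigning ownertrust to keys reached through other people's certifications (which is where the depth limit bites), and the stale-certification problem when Alice certifies Bob's key on the strength of Carol's certification and Carol later revokes. The key names, the constructed certifications, the marginals-needed 3 / completes-needed 1 / max-cert-depth 5 defaults, and the depth convention (0 for my own key, 1 for keys I certified directly) are assumptions of this model, not claims about gpg's trustdb code.

```python
"""Toy model of the Web of Trust validity computation discussed in the thread.

Added example, not code from the mailing list or from GnuPG. It mimics the
shape of gpg's classic trust model (local ownertrust plus marginals-needed,
completes-needed and max-cert-depth) on constructed keys named after the
thread's Alice, Bob and Carol. Depth counting is an assumption of this model.
"""
from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"


@dataclass
class WebOfTrust:
    # ownertrust is *my* local setting per key: "I am willing to rely on
    # certifications made by the holder of this key". It is never exported.
    ownertrust: dict
    # (signer, signed) certification pairs; a revoked one is simply absent.
    certs: set = field(default_factory=set)
    marginals_needed: int = 3
    completes_needed: int = 1
    max_cert_depth: int = 5

    def certify(self, signer, signed):
        self.certs.add((signer, signed))

    def revoke(self, signer, signed):
        self.certs.discard((signer, signed))

    def validity(self):
        """Map each key valid from my point of view to the depth at which it
        became valid (0 = my own ultimately trusted key)."""
        valid = {k: 0 for k, t in self.ownertrust.items() if t == ULTIMATE}
        for depth in range(1, self.max_cert_depth + 1):
            newly_valid = {}
            for target in {signed for _, signed in self.certs} - set(valid):
                full = marginal = 0
                for signer, signed in self.certs:
                    # Only certifications from keys that are already valid
                    # *and* carry ownertrust count; everything else is noise.
                    if signed != target or signer not in valid:
                        continue
                    trust = self.ownertrust.get(signer, NONE)
                    if trust in (ULTIMATE, FULL):
                        full += 1
                    elif trust == MARGINAL:
                        marginal += 1
                if full >= self.completes_needed or marginal >= self.marginals_needed:
                    newly_valid[target] = depth
            if not newly_valid:
                break  # no key became valid at this depth, chain is exhausted
            valid.update(newly_valid)
        return valid


def scenario_ownertrust_scope():
    """Ownertrust is narrow: Dave may be a friend for life, but with no
    ownertrust his certification of Eve contributes nothing."""
    wot = WebOfTrust({"alice": ULTIMATE, "carol": FULL, "dave": NONE})
    wot.certify("alice", "carol")  # Alice verified Carol's key herself
    wot.certify("alice", "dave")   # ... and Dave's, but gives Dave no ownertrust
    wot.certify("carol", "bob")    # Carol certified Bob
    wot.certify("dave", "eve")     # Dave certified Eve
    return wot.validity()          # {"alice": 0, "carol": 1, "dave": 1, "bob": 2}


def scenario_stale_certification():
    """Alice certifies (Bob, X) relying only on Carol, then Carol revokes.
    Returns Bob's depth (None = not valid) at each step."""
    wot = WebOfTrust({"alice": ULTIMATE, "carol": FULL})
    wot.certify("alice", "carol")
    wot.certify("carol", "bob")
    relying_on_carol = wot.validity().get("bob")  # valid only via Carol
    wot.certify("alice", "bob")                   # Alice's own public certification
    wot.revoke("carol", "bob")                    # Carol withdraws hers
    stale = wot.validity().get("bob")             # still valid: Alice's cert stands
    wot.revoke("alice", "bob")                    # the maintenance step DKG describes
    cleaned_up = wot.validity().get("bob")
    return relying_on_carol, stale, cleaned_up    # (2, 1, None)


def scenario_depth_limit(max_cert_depth):
    """Depth matters without trust signatures: ownertrust is local, so a chain
    grows as far as I keep assigning ownertrust to keys I only know through
    others' certifications. max-cert-depth caps how far that can reach."""
    wot = WebOfTrust({"alice": ULTIMATE, "carol": FULL, "bob": FULL},
                     max_cert_depth=max_cert_depth)
    wot.certify("alice", "carol")
    wot.certify("carol", "bob")    # Bob is valid only through Carol
    wot.certify("bob", "frank")    # Frank is valid only through Bob
    return wot.validity()


if __name__ == "__main__":
    print("ownertrust scope:", scenario_ownertrust_scope())
    print("stale certification:", scenario_stale_certification())
    for d in (2, 3):
        print(f"max-cert-depth={d}:", scenario_depth_limit(d))
```

The second scenario is the one to dwell on: after Carol revokes, the model still reports Bob's key as valid at depth 1 purely because of Alice's own certification, which is exactly the "announcing as fact something she should no longer believe" situation; nothing in the trust computation can tell Alice that her certification was derivative, only she knows that.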
