MUA "automatically signs keys"?

Steve Jones steve at secretvolcanobase.org
Thu Jan 30 23:43:39 CET 2014


On Thu, 30 Jan 2014 21:09:45 +0000
MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:

> On Thursday 30 January 2014 at 12:58:44 AM, in
> <mid:20140130005844.1f0f5b54 at steves-laptop>, Steve Jones wrote:
> > The advantage you have here though is the web of trust.
> > 1 level 1 signature would probably be not enough, but
> > 5, 10, 100..?
> 
> If the signatures are made automatically be email software without
> verifying identity, where is the web of trust? Lots of such signatures
> would tie the key to the email address but not to a person. Email
> addresses, just like phone numbers, may be re-used by a different
> person today to who used them last year.

Well therein lies my problem with the PGP system. It relies on the
notion of there being this singular thing called your identity. This
doesn't really match how people work in the world, it certainly doesn't
match how things work online. There are plenty of people I've known for
years by a particular name and using a particular email address, but by
the standards of PGP I haven't verified their identity so shouldn't
sign their key. In online communications so many people are just names,
urls or email addresses, their identity is just the things they've said
and published. If I was accepting a cheque from one of those people I'd
probably look for an identity confirmation, if I just wanted to talk to
them in probable privacy then a few other people saying effectively
"Yeah I've used that key for that person" is enough.

To put it somewhat glibly, if a friend introduces someone to you do you
ask for an affidavit that your friend has seen two forms of state issued
photo id before you'll talk to them?

> > There comes a point where you have to
> > decide that a certain level of security is good enough.
> 
> That is one of the points of the oft-repeated mantra "It depends on
> your threat model."

Yes, entirely. As it stands however the standard thread model seems that
we have to assume that all attackers are the NSA.

-- 
Steve Jones <steve at secretvolcanobase.org>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: </pipermail/attachments/20140130/e3843fc2/attachment.sig>


More information about the Gnupg-users mailing list