MUA "automatically signs keys"?

Steve Jones steve at
Fri Jan 31 10:24:17 CET 2014

Hash: SHA256

On Fri, 31 Jan 2014 01:15:07 +0000
MFPA <2014-667rhzu3dc-lists-groups at> wrote:

> On Thursday 30 January 2014 at 10:43:39 PM, in
> <mid:20140130224339.5fcb0d27 at steves-laptop>, Steve Jones wrote:
> > Well therein lies my problem with the PGP system. It
> > relies on the notion of there being this singular thing
> > called your identity.
> I'll take that to mean your problem with the web of trust.

To be really pedantic the web of trust established by conventional use
of the OpenPGP protocol :-P

> The pedantry about verifying government-issued identity is perhaps
> necessary if you have the need to be confident the government knows
> the other person as "John Smith" and that they are the right one of
> the many "John Smiths" in existence. If that is not needed, the
> name by which any government knows the person is irrelevant.

> <snip>

> Your certification on a key means exactly what you want it to mean.
> If your certification is published with a key, it is up to each user
> to interpret that certification as they see fit (or to ignore it
> entirely).

Well the conventions of use, for example the key signing party
protocol, requires photographic id. If I publicly sign a key it has to
be in line with how I expect others to interpret it. Policies and
notations on signatures go some way to alleviate that but only if the
tools support it.

> > In online communications so many people are just
> > names, urls or email addresses, their identity is just
> > the things they've said and published.
> Is that so different from the person you don't actually know, but they
> are sometimes on the train when you are commuting, and just
> occasionally you chat?

Nope, the difference is that in real life I have good mechanisms for
being sure that the person I'm talking to today is the same as the
person I was talking to yesterday. To me, you are just an email
address, for all I know you're a dozen different people spoofing emails
to the list. If all your mails are signed with the same key then I can
at least assume all those people are working in concert :-)

The issue is that the tools around OpenPGP use are designed around the
idea that it's for verifying some fixed identity, whereas in this case
it's continuity of identity that's more important. If your key had
dozens of signatures at the persona level going back a few years then
I'd have a reasonable belief that you're not just a brand new identity
created for mischievousness (not that I'm claiming that you're
trolling, it's just an example). With notations you get a system of
distributed tagging, where identity becomes a matter of a collection of
attested to attributes. Obviously this could create a lot of noise so
you'd have a limited set of folks (including ephemeral Internet folks)
who's tags you trust, probably the same people who's signatures you
trust - which is handy. :-)

My mail client, and all the others I've used, is only interested in
whether I, or someone else, has certified that MFPA is your real name.

> >  If I was
> > accepting a cheque from one of those people I'd
> > probably look for an identity confirmation,
> If I didn't know their name or address, depending on the amount
> involved I may not accept the cheque.

Certainly. This BTW is why I think anonymous cryptocurrency is a daft

> > if I just
> > wanted to talk to them in probable privacy then a few
> > other people saying effectively "Yeah I've used that
> > key for that person" is enough.
> Is what the signature means? Are they not simply saying, in effect,
> "Yeah I've used that key for that _email address_?"

Yes, I was being sloppy there.

> > To put it somewhat glibly, if a friend introduces
> > someone to you do you ask for an affidavit that your
> > friend has seen two forms of state issued photo id
> > before you'll talk to them?
> Depends on the conversation. (-;

True, "This person is a police officer and would like to know where you
were last night," might lead you to wanting to see id. It would be nice
to be able to cryptographically verify such things.

> There is no standard threat model. But the NSA and others are, at
> least anecdotally, monitoring all communications and retaining copies
> if they are encrypted. And any person could come under scrutiny as a
> result of being only a small number of communication hops from a
> "person of interest."

By standard threat model I'm extrapolating from what all the docs seem
to say. It appears to be an entity with the NSA's (purported) ability
to monitor and intercept the Internet but without their ability to hack

- -- 
Steve Jones <steve at>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896
Version: GnuPG v1.4.12 (GNU/Linux)


More information about the Gnupg-users mailing list