UI terminology for calculated validities

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Fri May 2 16:55:33 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 2 May 2014 at 4:34:30 AM, in
<mid:53631246.2090303 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:


> but i don't see the
> advantage of someone else publishing claims that i am
> the same person holding two different keys.

Agreed, that is an awful idea.



> people using the keyservers to document
> social relationships that they are not involved in; i
> don't think that's a good idea.

People wishing to do this already use signatures and UIDs to add their
message to the background noise on the keyservers.

"KeyA and KeyB are controlled by the same person" would be merely
inconsequential noise unless it were a claim made by both KeyA and
KeyB.



> One way that gpg makes certifications
> directly on the primary key itself is when you revoke a
> key.  I don't know if there are other mechanisms in gpg
> to expose that sort of thing.

This shows the code is already there to make certifications directly
on the primary key.



> I tend to see it the other way; i'd want to know
> specifically how the proposed information is supposed
> to be useful *first*, and then (if it's a compelling
> enough case) we can talk about how to specify it.

I guess there is also the option for somebody who wished to run tests
and maybe standardise later if something useful came out of it.



> --ask-cert-level fails this test, for example.

I always thought that seemed like it ought to be a useful thing to
consider when making a certification.



> We
> don't actually make use of that data in any certificate
> validation algorithm, so publishing it just produces a
> richer social graph than we need to publish, and
> doesn't benefit anyone other than folks who want to
> data mine the social graph on the keyservers. That's a
> net loss in my opinion.

I consider to be a loss, the publication of any un-necessary
information that allows a person to be identified or their
associations analysed.


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Nothing a Pan-Galactic Gargle Blaster won't cure!
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlNjsfVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p6NkD/RalxmeLVx8JSHkuwL/TMee70d1utPH8tmJk
AvKBDcXkunFwT8KyoLU/M3uTVp7R2ajPtNc7Qmu2NJn/qV/U/DIGDPOJX6rzujjL
vMI6hbvULcoAMAA2ql3MDeTRFQ42FzQYkd7wGIHmBBiwL33lVzAdJW23TkRBL8qL
w4Tf0Zsf
=0if5
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list