Managing Subkeys for Professional and Personal UIDs

Martin Behrendt martin-gnupg-users at dkyb.de
Mon May 5 10:41:50 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am 04.05.2014 12:52, schrieb Robert J. Hansen:
>> No, there are no good reasons.
> 
> If that's an axiom in your system, then so be it.  But let's not
> go about thinking that's something you've deduced from principles.
> 
Well I haven't heard any so far.


> It's not about technical problems.  In the case of the President
> and his autopen, it's about legal problems.  Under United States
> law, for a piece of legislation to take effect the President must
> affix his signature to the *exact same piece of paper* that the
> House and Senate affixed their marks to.  He's not allowed to sign
> a copy.
> 

So, let's make an insecure system instead of maybe changing the law?
Or maybe changing your priority as a president. There is more than one
road that leads to Rom.
Besides, *he* needs to sign the original document. So it is okay to
make it appear he signed it originally by himself but he has not? That
is okay and within the law? For this to be within the law, I would
expect they would need to write it into the law. So they also could
write other stuff in the law, e.g to add the information who operated
the autopen and that an autopen was used.

> You are certainly free to think this is a broken system.  (Thinking
> the American political system is broken is the favorite pastime of
> many Americans.)  But you have to admit this is a real-life example
> taken from the highest corridors of power in an environment where
> there are some extreme security implications of allowing third
> parties to execute the President's signature...
> 
> ... /and yet they choose to do it./
> 
This is, again, rhetoric and not an argument. I explained that before.

> That's the world we live in.  You are, of course, free to scream
> that they are all idiots and fools and morons who are not listening
> to your divinely-inspired wisdom.  Me, I'm going to grit my teeth,
> say, "well, let me see if I can help them not make a complete hash
> of things," and engage the world as it is.
> 
No I'm not screaming. It has nothing to do with me having more wisdom
than others. I just want to learn from the past and put 10% more
energy in having a more secure system. I'm just saying that there are
better ways to solve the same problem while you defend your position
with phrases and rhetoric and not with arguments.
Let me exaggerate of what it sounds to me, what you are saying:
There is a nuclear power plant build next to a volcano on the shore of
an ocean and just on top of the boundary points of two tectonic plates.
I'm saying. Hey guys thats stupid, shouldn't we build wind engines or
wave power machines here instead and shut down the nuclear power
plant? The volcano is active, tsunamis do happen here and let's not
forget about the earthquakes.
And you are saying: "You are, of cause, free to scream that they are
all idiots and fools and morons who are not listening to your
divinely-inspired wisdom. Me I'm going to grit my teeth, say, "well,
let me see if I can help them not make a complete hash of things," and
engage the world as it is."

It is valid to say: Yes this is stupid but we need to secure the
system on a short term perspective as it is but we need to do
something better on the long run.
But from what you are saying and how you are behaving I only get: The
world is stupid. I won't change it but I will help to make the outcome
of the stupid things not have such a bad effect. But I will defend the
overall stupidity behind it because the stupidity is done and that is
how the world is. And there are people saying "We are not going to
change it."

> Did you read the part about the ex-CEO breaking into my apartment
> and accessing my PC?  Come on, man.  My *personally owned*
> certificates were compromised.  How much worse could it really have
> been if he'd chosen to improperly use my *corporately owned*
> certificate?
> 

Yes, I said I read the story.
And ones you discovered your personally owned certificates were
compromised you revoked them, made new ones and you were aware of the
fact that they might be misused and could be more cautions over a
period of time. But your corporate certificates could have been
misused from the beginning without stealing them first from you by
design of the system you defend. Can you see the difference?

>> And as a side note. Your answer to my other mail completely
>> missed my point. I was saying that you are using phrases and
>> rhetoric rather than arguments to try to defend your point.
> 
> If you haven't been seeing arguments, then I respectfully suggest 
> reading closer.
> 

I didn't say you are *only* using phrases and rhetoric. I admit you
are also using badly designed examples which most of the time, if you
think them through, are not helping your point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREKAAYFAlNnTs4ACgkQ/6vdZgk46shx0wCePfgKmiv3wpOQl/n8bnR7WhEA
puYAn0UWyjiplyGQUoIrkdqY5/dQV3cs
=BxdB
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list