protecting pub-keys from unwanted signatures

Schlacta, Christ aarcane at aarcane.org
Mon Aug 17 00:05:59 CEST 2015 

On Aug 16, 2015 2:27 PM, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
>
> > What other people do says nothing about me, and everything about
> > them.
>
> Except that 99% of people who see that signature will think you have an
> association with white supremacists.
>
> Should they?  No.
>
> Will they?  Yes.

People are stupid. Not necessarily any individual person, but people at
large are.

>
> The average person doesn't have a formal/mathematical model of trust and
> what it means.  They have a loose, poorly-specified understanding, like
> "only sign certificates of people you know well."  This leads them to
> thinking, "well, this white supremacist group must know Chris well".
> That's a false inference, but it's one a *large* number of people draw.
>
> > On popular keys,  such as Facebook's, or any other public figure,
> > there are going to accumulate signatures that aren't a part of
> > anybody's Web of Trust. Until such time that these signatures can
> > constitute a genuine threat to the Web of Trust, they're irrelevant.
>
> So you're now changing your statement: signatures *don't* always
> strengthen the WoT -- a large number of them are irrelevant.  This is
> much closer to reality.

If you rounded up all the signatures on a key server,  and just started
deleting them at random,  any given deletion is significantly more likely
to weaken the Web of Trust than to make no change, therefore,
mathematically, every signature strengthens the WoT on average.

Let's assign a value if 0 to every irrelevant signature, and a value of 1
to every relevant signature.  The total strength of the Web is the sum of
the keys in the Web.   Then the expected value of any given key's deletion
is in fact a negative value greater than 0, and if we rebuild the Web from
those signatures,  the addition of any key has an expected value greater
than 0, therefore, every key strengthens the Web
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150816/28ac19ce/attachment.html>

More information about the Gnupg-users mailing list