protecting pub-keys from unwanted signatures
administrador at unseen.is
Mon Aug 17 01:27:10 CEST 2015
For me there is no trust in the fact that anyone can sign my key and put
it on a keyserver, and because I do not know the person who did can not
validate their signiture/identity. What trust does this offer the
people who are real, trusted and known by me and whos keys have been
validated by me and my key(s) by them?
Give the owner the authority of his own public key and this issue would
fixed. For example: Only the owner of the public key has the right to
put/remove/modify his own public key on a keyserver.
> On Aug 16, 2015 2:27 PM, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
>>> What other people do says nothing about me, and everything about
>> Except that 99% of people who see that signature will think you have an
>> association with white supremacists.
>> Should they? No.
>> Will they? Yes.
> People are stupid. Not necessarily any individual person, but people at
> large are.
>> The average person doesn't have a formal/mathematical model of trust and
>> what it means. They have a loose, poorly-specified understanding, like
>> "only sign certificates of people you know well." This leads them to
>> thinking, "well, this white supremacist group must know Chris well".
>> That's a false inference, but it's one a *large* number of people draw.
>>> On popular keys, such as Facebook's, or any other public figure,
>>> there are going to accumulate signatures that aren't a part of
>>> anybody's Web of Trust. Until such time that these signatures can
>>> constitute a genuine threat to the Web of Trust, they're irrelevant.
>> So you're now changing your statement: signatures *don't* always
>> strengthen the WoT -- a large number of them are irrelevant. This is
>> much closer to reality.
> If you rounded up all the signatures on a key server, and just started
> deleting them at random, any given deletion is significantly more likely
> to weaken the Web of Trust than to make no change, therefore,
> mathematically, every signature strengthens the WoT on average.
> Let's assign a value if 0 to every irrelevant signature, and a value of 1
> to every relevant signature. The total strength of the Web is the sum of
> the keys in the Web. Then the expected value of any given key's deletion
> is in fact a negative value greater than 0, and if we rebuild the Web from
> those signatures, the addition of any key has an expected value greater
> than 0, therefore, every key strengthens the Web
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
aut viam inveniam aut faciam
GPG KEY: 0CA6758D CA89F37F 49AE9799 D8D493A8 1CB8EEC8
More information about the Gnupg-users