Question about signing keys and trust.

Doug Barton dougb at dougbarton.us
Fri Mar 17 08:29:55 CET 2017


On 03/15/2017 02:14 PM, Jamie H. via Gnupg-users wrote:
> Hello!
>
> It's been a few years since I've messed with gpg, but I have an
> application that needs something kind of like distributed groups.
>
> Let's say I have: "key group" (which is owned by who-cares, it's a
> public key only that represents a group of people)

The fact that more than one person has access to the key seems 
superfluous to your use case.

> I have a person, let's say William Smith who has his key signed by
> who-cares
>
> William Smith then signs Betty Boop with his key.
>
>
> So William Smith and Betty Boop are sort of like members of "key
> group" because Betty Boop has a signature by someone who has their
> key signed by the key group, and if Betty Boop signs someone, up to
> n-depth, then those people become members of "key group". No one has
> authority to add or remove people, except other members of the same
> group.

This is very unclear, but perhaps you have a more detailed implementation 
plan in mind, and this is just a summary.

> ... fast forward ..
>
> In the application, let's say it's a spam fighting tool, a Betty Boop
> marks a message as spam.
>
> I trust members of "key group" to mark spam, but I don't trust them
> with everything, just marking spam, so the spam message is deleted.
>
> Popeye, who is a member of "alien group" marks something as spam too,
> but since popeye doesn't have a key signed by someone in "key group",
> I do not trust him to flag messages as spam, so I just ignore it.

This bit is clear, but if a spam detection tool is what you're 
developing, sharing the responsibility for flagging something as spam is 
a very bad idea. There has been a lot of e-ink spilled on this problem 
from all of the major mail providers. Essentially, users are incredibly 
bad at reliably tagging *their own mail* as spam, or not-spam. At best 
an individual's opinion on whether something is spam or not should be 
taken as one lightly weighted value in the overall determination. 
Developing a complex system of trusting users' opinions on this topic 
would be a waste of your time.

> Problem is I can't see how! Is there a way I can look at someone's
> public key and (without importing anything into my personal key
> files) list in a kind of chain fashion how many other signers there
> were?

Sort of. You can use --list-packets, but it would be very painful.

It would actually be easier to import these keys onto their own rings 
using the no-default-keyring option. You probably also want to use the 
no-import-clean option so that you can see all the signatures, including 
those from keys you have not yet imported.

It's not *too* complicated to do this kind of stuff, but you have to 
really read the man page and understand how the pieces fit together.

I would also recommend that you use GNUPGHOME to create a separate 
environment from your own personal one.

> I admit, GPG probably wasn't designed for this, and I don't really
> get the whole trust level thing.. and if it's impossible or
> impractical I'll find another way, but it would be convenient.

Trust is completely different from what you're describing here. 
(Unfortunately the term 'trust' is badly abused in PGP circles, and has 
at least 4 different meanings depending on context.)

You don't care about the trust *level* at all. Your only concern is 
whether or not the key you're examining is included in the web of trust 
for your tool. If your "group key" that you described above is the apex 
of the tree, you want to examine the key you have to see if it has a 
chain of trust back to that apex key. For keys which are close to the 
top, that would not be too expensive an operation. But as your pool 
grows it could become quite expensive, as you'd have to check if 
signatures/keys have been revoked, expired, etc.

Another problem you have is that there is no way for the administrator 
of the system to decertify a user (kick them out of the group, so to 
speak). You would require the cooperation of every user in every chain 
of trust back to the apex key, and every other member of the group not 
to add them back.

As you point out, PGP is not really designed for this sort of thing. :)

That said, you may be able to learn some stuff from the software for 
this site:  http://pgp2.cs.uu.nl/wotsap/

hope this helps,

Doug
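An added, constructed example of the chain check Doug describes; it is not code from this thread or from GnuPG. It assumes the keys were imported into a scratch GNUPGHOME with `gpg --import-options no-import-clean --import` and listed with `gpg --with-colons --list-sigs`, then parses that colon-separated listing, drops revoked and expired certifications (and revoked or expired keys), and walks certifications outward from the apex "key group" key up to n hops. Every key id, user id and timestamp in the embedded listing is made up.

```python
"""Does key X have a chain of certifications back to the apex key within N hops?

Constructed example. Assumed preparation in an isolated environment:
    GNUPGHOME=/tmp/spamwot gpg --import-options no-import-clean --import keys.asc
    GNUPGHOME=/tmp/spamwot gpg --with-colons --list-sigs > listing.txt
"""
from collections import defaultdict, deque

CERT_CLASSES = ("10", "11", "12", "13")   # generic/persona/casual/positive certifications
REVOKE_CLASS = "30"                        # certification revocation

# Constructed key ids (hypothetical; not real keys).
GROUP, WILLIAM, BETTY = "0A0A0A0A0A0A0A0A", "1111111111111111", "2222222222222222"
POPEYE, OLIVE, WIMPY = "3333333333333333", "5555555555555555", "6666666666666666"
NOW = 1500000000  # "current time" used for expiry checks

# Constructed --with-colons --list-sigs output. The "Alien Group" key that signed
# Popeye was never imported; no-import-clean keeps that signature visible anyway.
SAMPLE_LISTING = f"""\
pub:u:2048:1:{GROUP}:1489000000:::u:::scESC::::::23::0:
uid:u::::1489000000::HASH0::Key Group <group@example.org>::::::::::0:
sig:::1:{GROUP}:1489000000::::Key Group <group@example.org>:13x:::::2:
pub:-:2048:1:{WILLIAM}:1489000000:::-:::scESC::::::23::0:
uid:-::::1489000000::HASH1::William Smith <william@example.org>::::::::::0:
sig:::1:{WILLIAM}:1489000000::::William Smith <william@example.org>:13x:::::2:
sig:::1:{GROUP}:1489100000::::Key Group <group@example.org>:10x:::::2:
pub:-:2048:1:{BETTY}:1489000000:::-:::scESC::::::23::0:
uid:-::::1489000000::HASH2::Betty Boop <betty@example.org>::::::::::0:
sig:::1:{BETTY}:1489000000::::Betty Boop <betty@example.org>:13x:::::2:
sig:::1:{WILLIAM}:1489200000::::William Smith <william@example.org>:10x:::::2:
pub:-:2048:1:{POPEYE}:1489000000:::-:::scESC::::::23::0:
uid:-::::1489000000::HASH3::Popeye <popeye@example.org>::::::::::0:
sig:::1:{POPEYE}:1489000000::::Popeye <popeye@example.org>:13x:::::2:
sig:::1:4444444444444444:1489300000::::[User ID not found]:10x:::::2:
pub:-:2048:1:{OLIVE}:1489000000:::-:::scESC::::::23::0:
uid:-::::1489000000::HASH5::Olive Oyl <olive@example.org>::::::::::0:
sig:::1:{OLIVE}:1489000000::::Olive Oyl <olive@example.org>:13x:::::2:
sig:::1:{BETTY}:1489400000::::Betty Boop <betty@example.org>:10x:::::2:
rev:::1:{BETTY}:1489500000::::Betty Boop <betty@example.org>:30x:::::2:
pub:-:2048:1:{WIMPY}:1489000000:::-:::scESC::::::23::0:
uid:-::::1489000000::HASH6::Wimpy <wimpy@example.org>::::::::::0:
sig:::1:{WIMPY}:1489000000::::Wimpy <wimpy@example.org>:13x:::::2:
sig:::1:{BETTY}:1489600000::::Betty Boop <betty@example.org>:10x:::::2:
"""


def parse_listing(text):
    """Return {keyid: {"validity": str, "certs": {(uid, signer): [records]}}}.

    A record is (rectype, class, created, expires) from sig/rev lines that follow
    a uid line. Lines under sub/ssb are subkey bindings and are skipped.
    """
    keys, cur_key, cur_uid = {}, None, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur_key, cur_uid = f[4], None
            keys[cur_key] = {"validity": f[1], "certs": defaultdict(list)}
        elif f[0] == "uid" and cur_key:
            cur_uid = f[9]
        elif f[0] in ("sub", "ssb"):
            cur_uid = None
        elif f[0] in ("sig", "rev") and cur_key and cur_uid is not None:
            expires = int(f[6]) if f[6] else None
            keys[cur_key]["certs"][(cur_uid, f[4])].append((f[0], f[10][:2], int(f[5]), expires))
    return keys


def valid_certifiers(key, now):
    """Signer key ids whose certification on some uid of `key` is unrevoked and unexpired."""
    signers = set()
    for (_uid, signer), recs in key["certs"].items():
        sigs = [r for r in recs if r[0] == "sig" and r[1] in CERT_CLASSES]
        revs = [r for r in recs if r[0] == "rev" and r[1] == REVOKE_CLASS]
        if not sigs:
            continue
        newest = max(sigs, key=lambda r: r[2])
        if newest[3] is not None and newest[3] <= now:
            continue                          # certification expired
        if any(r[2] >= newest[2] for r in revs):
            continue                          # revoked after it was issued
        signers.add(signer)
    return signers


def chain_depths(keys, apex, max_depth, now):
    """BFS from the apex key: {keyid: hops} for keys reachable within max_depth hops."""
    certified = defaultdict(set)              # signer -> keys it vouches for
    for kid, key in keys.items():
        if key["validity"] in ("r", "e"):     # revoked or expired key
            continue
        for signer in valid_certifiers(key, now):
            if signer != kid:                 # self-signatures prove nothing here
                certified[signer].add(kid)
    depth, queue = {apex: 0}, deque([apex])
    while queue:
        s = queue.popleft()
        if depth[s] >= max_depth:
            continue
        for kid in certified[s]:
            if kid not in depth:
                depth[kid] = depth[s] + 1
                queue.append(kid)
    return depth


def is_member(keys, apex, keyid, max_depth, now):
    """True when `keyid` has a valid certification chain back to `apex` within max_depth hops."""
    return keyid in chain_depths(keys, apex, max_depth, now)


if __name__ == "__main__":
    ring = parse_listing(SAMPLE_LISTING)
    for name, kid in [("William", WILLIAM), ("Betty", BETTY), ("Popeye", POPEYE),
                      ("Olive", OLIVE), ("Wimpy", WIMPY)]:
        print(f"{name}: member at depth 2? {is_member(ring, GROUP, kid, 2, NOW)}")
```

Betty is accepted only because William's certification on her is itself reachable from the apex; Popeye's certifier is never reachable, Olive's certification was revoked after issue, and Wimpy sits three hops out, so he is a member only when the depth limit is raised to 3. This also shows the cost Doug mentions: the walk re-evaluates every certification's revocation and expiry state on each pass, and there is no step that lets an administrator remove someone, only the certifiers can.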


