Re: [Debconf-discuss] KSP post-mortem: why I won't be able to sign some keys

Thu, 25 May 2006 10:56:43 -0700 

On 25 May 2006, Holger Levsen stated:

> Hi,
>
> while I agree that flaws in the actual protocol being used are
> problematic and worth pointing out, I wonder much more why people
> aren't more worried about how people use their computers: (double
> booting windows and) not using encrypted partitions, leaving there
> computers unlocked while being away, using binary only (non-free)
> software, running experimental packages from various sources
> (assuming that sid, testing and stable are safe..), etc. This
> potentially exposes the integrity of the private key, not only the
> integrity of signatures - which later can be revoked anyway.

        I have given up on that.  People insist on using their keys on
 networked computers, they even leave them lying around on _public_
 machines over which they have little control.

        If I were to insist on proper key security protocols, there
 would be a small handlful of people who would qualify.

> After a talk about the problems with gpg's web of trust at 22C3
> (e.g. in what do you put trust when you sign a key? the person being
> the person or her/his ability to keep his private key private or his
> ability to sign other peoples keys ?

        Lacking proper psychic abilities, I can't honestly give my
 word on the latter.

> Having said this, I also do believe that any step to create a bit
> more trust is a worthwhile one. We should just never forget, that
> _we_ don't sign stuff with gpg, it's our computer who does the
> signing. And this is completly different from "real" signatures.

        I have never signed anything in reality. It is either a
 computer, or a pen, doing the "signing". Do you have a point about
 people being poor at any form of signing if no tools are used?

        manoj
-- 
I have been insulted! I have been hurt! I have been beaten! I have
been robbed! Anger does not cease in those who harbour this sort of
thought. 3
Manoj Srivastava   <[EMAIL PROTECTED]>  <http://www.datasync.com/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
_______________________________________________
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Reply via email to