On 04/07/2011 09:37 PM, Grant Olson wrote:
> Keep in mind that the web-of-trust isn't the mafia. If you 'vouch' for
> someone and they turn out to be a rat, nobody's going to put two bullets in
> your chest, and one in your head.
"Vouching" for someone usually means that you think you can rely on the person, and that you think they're somehow "good", "on our side", "trustworthy", etc. Making an OpenPGP certification ("keysigning") is *not* the same as "vouching" for them. An OpenPGP certification is a simple assertion of two things: {identity (which may include an address), and ownership of a key}.

An OpenPGP certification says nothing about whether you think the keyholder is a good person, whether you would trust them with your children, whether they are a good software engineer, whether you would vote them into public office if you happen to live in a democracy, or even whether you are willing to rely on the OpenPGP certifications they produce. [0]

You are free to assert these other qualities in many other ways, of course. For example, I could write, sign, and publish a document that says "Alice <al...@example.net> has strong moral fiber". This sort of "vouching" would be distinct from my certification of Alice's OpenPGP key. Note that I am *not* saying that Alice's key has strong moral fiber. My statement is vouching for *Alice*, not her key.

Keeping the semantics of keysigning restricted to a simple assertion of identity and key ownership makes it possible to do reasoned inference over a set of certifications, to establish (via intermediate parties, such as "mutual acquaintances") a level of reliable identity and key-ownership between people (and other entities!) who have never physically met. It also makes OpenPGP certification less fraught with doubt or confusion, and it reduces the amount of deep social relationships published on the public keyservers. This is good.
If you mix non-identity, non-key-ownership notions into your OpenPGP certifications, making a certification becomes radically harder (because the other notions are significantly less objective), and your ability to do effective reasoned inference about identity and key-ownership drops away as certifications themselves become rarer and more entangled with subjective measurements of "vouch-worthiness". Ironically, this means that mixing concepts of "vouching" into standard OpenPGP certification makes it *harder* to effectively "vouch" for someone, because it is harder for them to establish their identity in the first place.

Vouching for people is great, and useful in many contexts. But it should not be conflated with identity certification.

--dkg

[0] Yes, you can actually assert your willingness to rely on the keyholders' own OpenPGP certifications, using so-called "trust signatures". Currently, very few people issue trust signatures, and those who use them responsibly issue them very rarely. If you aren't confident in standard OpenPGP certifications, you should probably avoid issuing trustsigs entirely. They are public declarations of social relationships that most people prefer to keep private.
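To make the distinction in the message above concrete, here is an added example that is not code from this thread or from GnuPG. It decodes the two parts of an OpenPGP v4 signature packet (RFC 4880, section 5.2) that encode what a certification actually asserts: the signature type (0x10 to 0x13, the four certification classes) and the optional Trust Signature subpacket (type 5) carrying a level and an amount. The two packets, the issuer key ID and the timestamp are constructed by hand for illustration; they have correct framing but a dummy MPI, so they are not verifiable signatures.

```python
"""Decode the certification-relevant fields of an OpenPGP v4 signature packet:
the signature type and the Trust Signature subpacket, if any.
Added example, not code from the gnupg-users thread or from GnuPG.
The sample packets below are constructed by hand (dummy MPI, made-up key ID
and timestamp) and are not verifiable signatures."""
import struct

CERT_TYPES = {
    0x10: "generic certification",
    0x11: "persona certification",
    0x12: "casual certification",
    0x13: "positive certification",
    0x30: "certification revocation",
}

SUBPACKET_CREATION = 2   # signature creation time (4 octets)
SUBPACKET_TRUST = 5      # trust signature: level (1 octet), amount (1 octet)
SUBPACKET_ISSUER = 16    # issuer key ID (8 octets)


def _read_len(buf, i):
    """Subpacket length per RFC 4880 5.2.3.1; returns (length, next index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5


def _parse_subpackets(area):
    """Yield (type, body) pairs; the length octet(s) cover type + body."""
    subs, i = [], 0
    while i < len(area):
        length, i = _read_len(area, i)
        subs.append((area[i] & 0x7F, area[i + 1:i + length]))
        i += length
    return subs


def parse_signature_packet(pkt):
    """Parse a tag-2 packet (new format 0xC2 or old format 0x88) with a
    one-octet body length. Only v4 signatures are handled."""
    if pkt[0] not in (0xC2, 0x88):
        raise ValueError("not a signature packet with one-octet length")
    body = pkt[2:2 + pkt[1]]
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = _parse_subpackets(body[6:6 + hashed_len])
    j = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[j:j + 2])[0]
    unhashed = _parse_subpackets(body[j + 2:j + 2 + unhashed_len])
    return {"type": body[1], "hashed": hashed, "unhashed": unhashed}


def describe(sig):
    """What does this certification assert? Only the hashed area is covered
    by the signature, so a trust subpacket in the unhashed area is ignored."""
    kind = CERT_TYPES.get(sig["type"])
    if kind is None:
        return {"certification": False}
    out = {"certification": True, "kind": kind, "trust_level": 0, "trust_amount": 0}
    for t, body in sig["hashed"]:
        if t == SUBPACKET_TRUST and len(body) == 2:
            out["trust_level"], out["trust_amount"] = body[0], body[1]
        elif t == SUBPACKET_ISSUER and len(body) == 8:
            out["issuer"] = body.hex().upper()
    return out


def build_packet(sig_type, hashed_subpackets):
    """Assemble a constructed v4 signature packet (RSA/SHA-256 algorithm
    octets, no unhashed area, dummy hash prefix and MPI). Demo helper only."""
    hashed = b"".join(bytes([len(b) + 1, t]) + b for t, b in hashed_subpackets)
    body = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", 0)      # empty unhashed area
    body += b"\xAB\xCD"               # left 16 bits of the hash (dummy)
    body += b"\x00\x08\xAB"           # one dummy 8-bit MPI
    return bytes([0xC2, len(body)]) + body


ISSUER = bytes.fromhex("0123456789ABCDEF")  # constructed key ID
CREATED = struct.pack(">I", 1302219420)     # constructed timestamp

# Plain positive certification: asserts identity + key ownership, nothing else.
PLAIN = build_packet(0x13, [(SUBPACKET_CREATION, CREATED), (SUBPACKET_ISSUER, ISSUER)])
# Same certification plus a trust signature: level 1, amount 120 (full trust as introducer).
TSIG = build_packet(0x13, [(SUBPACKET_CREATION, CREATED), (SUBPACKET_ISSUER, ISSUER),
                           (SUBPACKET_TRUST, bytes([1, 120]))])

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("tsig", TSIG)):
        print(name, describe(parse_signature_packet(pkt)))
```

Running it shows the ordinary certification decoding to level 0 / amount 0 (no claim beyond the identity and key binding), while the trust signature carries the extra level/amount octets that a verifier uses to treat the keyholder as an introducer; that pair of octets is the entire difference on the wire between the two kinds of statement the message distinguishes.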
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users