On Thu, Nov 07, 2013 at 11:48:07AM +0100, Peter Lebbing wrote:
> On 06/11/13 23:28, Leo Gaspard wrote:
> > But mostly because signing is an attestation of your belief someone is who
> > (s)he is. Thus, if you believe someone is who the UID states (s)he is as
> > much as if you met him/her in person and followed the whole verification
> > process, I would not mind your exporting signatures of the key.
>
> I get the feeling you're partly responding to my adamant statements earlier, but
> you're confusing the situation I was responding to.
Well... The answer to your previous message was in my first two paragraphs. The
rest of my answer, to which you replied, was mostly thinking over some debate that
arose earlier, and whose authors I do not remember. Anyway, I think you answered
the most important part of my last message.

> I think you're saying: Person X tells me their key is K1. I blindly trust person
> X, and I know for a fact that person X was the one who told me K1 is his key.
> That is, you were in the same room, or you recognised their voice on the
> telephone, or something similar. This is acceptable to many people as a
> verification.
>
> But this is not the situation I was talking about. It's this:
>
> Person X (having key K1) has signed key K2, asserting that it is held by Y.
> Since you blindly trust X, you can assign him full (or hell, ultimate if you
> prefer) ownertrust, and key K2 is valid for you. You don't need to sign K2
> anymore, because it is already valid since you expressed your trust to GnuPG,
> and GnuPG uses it to validate that it belongs to Y.
>
> Now, what Stan Tobias appeared to want, is sign key K2 himself, probably to
> express to others in the Web of Trust that he believes K2 to be valid. But this
> doesn't add any additional verification of key validity to the Web of Trust,
> it's noise. Because anyone else can look at the signature made by X, and decide:
> I trust X fully as well. They assign full trust to X, and K2 becomes valid.

Except they do not have to know X, nor that he makes perfectly reasonable
decisions in signing keys.

And I believe it's not noise. Let's make an example in the real world:
 * I would entrust X with my life
 * X would entrust Y with his life, without my knowing it
 * Thus, if I actually entrusted X with my life, why should I be frightened if X
   asked Y to take care of me? Provided, of course, X told me he was letting Y
   take care of me.
After all, I would entrust X with my life, so I should just agree to any act he
believes is good for me. (That's what I called blind trust. Somewhat more than
full trust, I believe.)

> Let's get back to ownertrust: in the Web of Trust, ownertrust is an expression
> of how well you think other people verify identities before they sign a key. If
> you sign key K2 based on X's signature, you haven't verified Y's identity.
> You've probably verified X's identity, but not Y's. So you shouldn't sign K2.

So, is a signature a matter of belief in the validity of the key or of actual
work to verify the key?

> You might believe Y when he or she walks up to you and says: my name is Y and K2
> is my key. But that is not what happened; X said: K2 is Y's key. Y didn't say
> anything to you, let alone that you verified it was actually Y talking. That's
> the absolutely necessary part of verification: you believe that it was actually
> Y that told you K2 is theirs. Just believing K2 is Y's key is not verification;
> it's key validity.
>
> I'll give an example.
>
> In the Web of Trust, key validity is a thing that can gradually build up until
> it passes a certain point where we say: I have so much proof that it appears to
> be valid, that I conclude it's, within reason, valid. This is why you have
> "completes needed", "marginals needed", and "max cert depth". The latter says:
> once we pass a certain depth, my proof of identity becomes so indirect I don't
> wish to trust that information anymore. I will paint a picture with the default
> settings, completes 1, marginals 3, max depth 5.

If I understood correctly, the depth parameter you are talking about is useless,
except in case there are trust signatures. And you agreed with me for them to be
taken out of the equation.

> Suppose A has signed B. There are three people C, D and E, who have full trust
> in A. They do what I'm arguing against: they sign key B as well, based on their
> trust of A.
>
> Now I come along.
> I actually have key A valid as well, but quite indirectly: it
> is at level 4. I know A, but ownertrust is very personal. I think A does an okay
> job of verifying identities, but not to the rigorous level I personally demand.
> I work with pretty sensitive stuff, and my standards are high (I'm painting a
> picture here, not describing reality). So I assign him marginal ownertrust. Now
> what I would expect, is that I need some more signatures, and B will become
> valid at level 5, the level where I have configured GnuPG to say: okay, this is
> deep enough, I will not take into account B's signatures on other keys because
> the proof becomes too indirect.
>
> However, I also know C, D and E, signed their keys and assigned them marginal
> ownertrust because I was under the impression they also verify identities pretty
> well. I don't know that they go around signing keys based on other people's
> signatures.

If you do not know their key signing policy, and assign them any ownertrust, then
are you working with such sensitive stuff? At least, a key signing policy such as
mine would be clear enough: I sign a key when I believe it is valid as much as if
I had met its owner in person.

> C, D and E are thus at level 1 in my web. They all signed B's key, so I think:
> that's reasonable proof that B is valid. Not only do I think that, so does
> GnuPG. It leads to B's key being valid at level 2. B can have another few levels
> of indirection before I consider the path too long. In fact, for signature paths
> through B, it effectively just changed my "max cert depth". B belongs at level
> 5, because the proof of validity is very indirect in my *own* web, but he's at
> level 2, so my "max cert depth" has effectively become 8 instead of 5 for paths
> through B.

Which is, as pointed out above about trust signatures, quite irrelevant. (Sorry
for being so blunt, I found no other wording.)

> Furthermore, what does my Web of Trust seem to imply?
> It implies that 3
> reasonably trustworthy people all individually certified B's identity. That's a
> fair amount of proof that the identity is correct. More eyes have seen the
> passport or more people have known B for very long.
>
> What is actually the case? This one person, A, whom I somewhat trust, has
> certified B's identity. It's almost as if I'd set my "marginals needed" to 1,
> because no more verification has ever been done of B's identity.

Wrong. More verification has been done for B's identity than you would have
thought. Because you believe A is marginally reliable, while your web of trust
believes A is fully reliable: C, D and E did enough work to check A is
trustworthy, which apparently you did not do. If you believe they were wrong in
this checking of A's trustworthiness, just don't assign them ownertrust. Sure,
this would weaken the WoT, but as you conflict on whether A is trustworthy, why
would you not conflict on whether B is who (s)he is?

> This is why I am adamant that you should not sign based on other people's
> certifications. You are muddling my view, and I think I'm basing validity on one
> thing whereas I'm accidentally basing it on something else. I have keys on my
> ring that are valid, even though they did not pass my personal demands of
> verification.

In fact, they did. Because you assigned ownertrust to C, D, and E, which you
should not have done.

BTW, if I understood the WoT correctly, if C, D and E trust-signed A with full
ownertrust (after all, you're talking about max depth, so why not?), then your WoT
would have validated B anyway, as you marginally trusted C, D and E.

> Lying was also brought into the discussion, as if that changes things. We are
> talking about trust here; I'm making a mistake when I assign ownertrust to a
> liar, but that in no way implies that it's okay to sign keys without
> verification.

We do totally agree.
> When I find out people lie about their verifications, I set those people to "I
> do NOT trust". When I find out people sign keys they haven't verified, I set
> those people to "I do NOT trust".

So, finally, your meaning of signatures is no longer about key validity, but
rather about key verification? I still cannot sort this out, sorry.

BTW, I do not know anyone I would trust enough to assign full ownertrust, let
alone re-sign keys signed by him/her.

> The rest of your message about how you check an identity is a different topic
> altogether. But let me say this: when I sign an UID, I primarily sign the name.
> I prefer there's no comment, so I don't have to think about that, and ownership
> of an e-mail address is an interesting topic. Who owns l.gasp...@yourisp.com?
> You or your ISP? Both? Neither? If you wish to debate about how you check an
> identity, please create a separate thread, because it is a different topic.

I did not mean to raise a topic on identity checks, only to raise the issue that,
in fact, you are already relying on a single assertion for UID assessment,
whether it is the government or whatever. However, if the government started to
sign keys, would you assign it full ownertrust? I think that, due to the NSA
scandals, most would not. But they would just be fooled into thinking they are
out of the reach of the government, as most identity checks would be based on
government assertion. But you would expect people to continue checking
information based on passports, right? So you would implicitly condone this
re-signing of the key. Now, replace the word "government" with the words
"person A", and you are back with your example.

Cheers,

Leo
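As an added illustration of the validity computation Peter walks through (example code written for this page, not from the thread, from either author, or from GnuPG), the following simplified model applies the defaults he names, completes 1, marginals 3, max depth 5, to his scenario; the intermediaries P1, P2 and P3 are constructed assumptions that place A at depth 4.

```python
# Simplified model of GnuPG's classic trust computation. Assumption: this is an
# illustrative approximation of the rules discussed in the thread, not GnuPG's
# own algorithm. Defaults as Peter states them: completes 1, marginals 3, depth 5.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3
MAX_CERT_DEPTH = 5


def compute_validity(signatures, ownertrust, me):
    """Return {key: depth} for every key that becomes valid.

    signatures: {signer: set of keys that signer has certified}
    ownertrust: {key: 'ultimate' | 'full' | 'marginal'}; absent means none
    me: my own key, valid at depth 0 by definition
    """
    depth_of = {me: 0}
    candidates = {k for signed in signatures.values() for k in signed}
    for depth in range(1, MAX_CERT_DEPTH + 1):
        # Only keys already valid at a shallower depth may vouch at this depth.
        usable = [k for k, d in depth_of.items() if d < depth]
        newly = {}
        for key in candidates - set(depth_of):
            completes = marginals = 0
            for signer in usable:
                if key not in signatures.get(signer, ()):
                    continue
                trust = ownertrust.get(signer)
                if trust in ('ultimate', 'full'):
                    completes += 1
                elif trust == 'marginal':
                    marginals += 1
            if completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        depth_of.update(newly)
    return depth_of


def peters_example(c_d_e_sign_b):
    """Peter's scenario. P1, P2, P3 are constructed intermediaries that place A
    at depth 4; C, D and E are signed by me directly with marginal ownertrust."""
    signatures = {'me': {'P1', 'C', 'D', 'E'}, 'P1': {'P2'}, 'P2': {'P3'},
                  'P3': {'A'}, 'A': {'B'}}
    if c_d_e_sign_b:  # the behaviour Peter argues against: re-signing B via A
        for k in ('C', 'D', 'E'):
            signatures[k] = {'B'}
    ownertrust = {'me': 'ultimate', 'P1': 'full', 'P2': 'full', 'P3': 'full',
                  'A': 'marginal', 'C': 'marginal', 'D': 'marginal', 'E': 'marginal'}
    return compute_validity(signatures, ownertrust, 'me')
```

With `peters_example(True)`, B is valid at depth 2 on the strength of C, D and E's three marginal certifications even though A itself is only valid at depth 4; with `peters_example(False)`, B never becomes valid, since A's single marginal certification falls short of the three needed.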