On 7/1/2012 5:26 AM, Kiss Gabor (Bitman) wrote:
> No matter which key server a key I get from.
> No matter who operates a key server.
> The only important thing if a key is signed by trustworthy peoples or not.

In your security model, sure. But please don't go about telling the world what their model should be. In your world, "by definition" all keyservers are equally untrustworthy. But other people have different worlds, and they get to come up with their own definitions, and many of them are based on reason and due caution.

> Why do you trust John?

Why would I tell someone I don't trust -- you -- the reasons for the trust I've invested in John?

> Why do you think peoples trust _you_?

Why would I tell someone I don't trust -- you -- the reasons for the trust other people have invested in me? For whatever reason there are a fair number of people who trust me to give good counsel and to be fair in my dealings with the community. I value the trust these people have invested in me, and for that reason I will not redirect keyservers.org somewhere else.

> If a user was cautious, (s)he would download thousands more keys (s)he
> need or operates an own key server.

Again, you keep on defining threat models for other people. You have the authority to declare what your model is. You really don't have any footing to declare what someone else's model should be. Nobody does.

> a trusty key server. (I hope you know at least one beside yours. :-)
> If some users trust you as a key server operator, they must
> trust your choice of fallback server too.

This is flat factually wrong. Trust is not necessarily a transitive property. See, e.g., "Why Isn't Trust Transitive?", _Proceedings of the International Workshop on Security Protocols_, 1997. http://dl.acm.org/citation.cfm?id=720377

In *some* models, trust *is allowed to be* a transitive property. However, transitive trust is not a general property of all models, and definitely not a general property of keyservers.