Tim wrote:
> Todd Zullinger:
>> Part of checking the key includes verifying the key id and
>> fingerprint. After verifying this info I would sign the key to
>> make it valid. (A signature can be marked as non-exportable, for
>> keys you want to sign but don't want your signature to be exported
>> along with that key if you sent it to someone else.)
>>
>> With a signature from my trusted key on John Doe's key, gpg now
>> treats this key as valid.
>
> Of course, but the *problem* is that, often, actual *verification*
> isn't possible. It's someone on the other side of the world, etc.

That's true. But if you don't know someone at all, how would any
signature they made have any value to you, whether it was digital or
dead-tree style? This part of the trust issue is inherently a human
problem and it is not something that is intended to be solved by any
crypto system.

You do have the ability to assign trust and build upon trust
relationships, so that if you trust Bob to verify keys properly and
Bob happens to have met me, you could trust that my key is valid based
on Bob's certification of my key. This "web of trust" concept is a
large part of the way PGP works, by design.

> So, the reality is that most signatures stay as *unverified*, with
> the few that aren't, being labelled as verified when they're really
> not.

Can you say that last part again? How are signatures labelled as
verified when they really aren't? If you or someone you've chosen to
trust has not signed (certified) a key, no signatures made by that key
should be labelled as verified. Gpg will say it is a valid signature
from an untrusted key.

> It does something similar. A whacking great big coloured bar across
> the bottom of the page. Bright yellow if the signature matches the
> message, but isn't verified. Green if both check out. Red if some
> aspect fails. And in that bar is a clickable icon for you to get a
> wordy description (what I pasted, previously). (A screenshot of the
> bar has been attached.)

Okay. That's quite a reasonable way to display it. (Thanks for the
image.)

>> This is all not that different from signatures on paper. If I sign
>> a document as John Doe and you trust it without any other
>> verification that I am the John Doe you wish to do business with,
>> you can be easily fooled.
>
> I know. And that's the usual way it's used. Blind faith.

That's not the way I (or those that I know personally) use PGP. That's
not at all the way it is intended to be used. Anyone using it that way
gets zero security (or perhaps less than zero :).

> The blind faith aspect of using PGP, in the absence of other
> information, is one of its Achilles' heels.

The very real problem of determining who to trust is not something a
crypto system is going to solve for you. Top-down systems (like
typical SSL or S/MIME certs) may try to offset this trust problem by
having a certificate authority that certifies keys and is implicitly
trusted by everyone. I certainly have less faith in those systems than
I do in a system like PGP where I get to choose completely whom I
trust (and to what extent). (And yeah, both SSL and S/MIME can be used
in a decentralized way like PGP is, and vice versa.)

> No, you get the warning that you see with all signed messages. The
> rather meaningless one.

I wouldn't call it meaningless. But I don't use PGP so that I can
verify signatures made by keys I don't trust (or have a trust path
to). Yes, if you want to use it to verify every signature on public
mailing lists, then you'll likely find the system isn't able to
magically solve the meat space problems of who to trust.

> The failing of the system is that it's hard to get a verifiable
> signature in the first place. i.e. For me to create mine and have
> it checked so it's meaningful for other people.

It is hard to do this between people that have never met or that don't
make some effort to get their keys into the strong set of keys, yeah.
I just don't see this as much of a problem, because I don't see the
value in worrying about trusting people that I don't know at all. I
can, if I want, get a lower level of assurance from their signatures
if I locally sign their key. That will let me know that someone may
have forged one of their messages if I suddenly get a signed message
that looks to be from that person and it's signed by a different key.
To get much more than that, I'd need to meet them or have a path
between keys of someone I know/trust and someone they know.

The value on mailing lists is that consistency can be established. If
I get 99 messages from you that are signed with one key, and one that
is signed with a different key, the odd key will stand out quite
quickly if I've locally signed your key. This consistency is one of
the reasons I sign my list mail.

I don't think we disagree on how things work so much. We just have
different opinions on how much of a problem it is that they work this
way. :-)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Happiness is good health and a bad memory.
    -- Ingrid Bergman (1917-1982)
Attachment:
pgpPyHJo3C9Zz.pgp
Description: PGP signature
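
An added example, not part of the original message and not GnuPG's own code: a simplified model of the web-of-trust rule the message describes, where a key becomes valid only through certifications made by valid keys whose owners you have chosen to trust. The thresholds mirror GnuPG's documented defaults (`--completes-needed 1`, `--marginals-needed 3`, `--max-cert-depth 5`); the key names and certifications are constructed.

```python
# Simplified web-of-trust validity model (added example, not GnuPG code).
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED = 1  # mirrors GnuPG default --completes-needed
MARGINALS_NEEDED = 3  # mirrors GnuPG default --marginals-needed
MAX_CERT_DEPTH = 5    # mirrors GnuPG default --max-cert-depth


def valid_keys(my_key, certifications, ownertrust):
    """Return {key: depth} for every key this model treats as valid.

    certifications: set of (signer, signed_key) pairs.
    ownertrust: {key: FULL | MARGINAL}, how far *I* trust that key's owner
    to verify other people's keys. A missing entry means no trust.
    """
    valid = {my_key: 0}  # my own key is the root of every trust path
    for depth in range(1, MAX_CERT_DEPTH + 1):
        newly_valid = {}
        candidates = {signed for _, signed in certifications} - set(valid)
        for key in candidates:
            full = marginal = 0
            for signer, signed in certifications:
                # A certification counts only if the signer's key is
                # already valid AND I trust the signer as an introducer.
                if signed != key or signer not in valid:
                    continue
                trust = FULL if signer == my_key else ownertrust.get(signer)
                full += trust == FULL
                marginal += trust == MARGINAL
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid[key] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid


# Constructed sample: I signed Bob's key and trust Bob fully; Bob signed
# Todd's key; Todd signed John's key, but I assigned Todd no ownertrust.
CERTS = {("me", "bob"), ("bob", "todd"), ("todd", "john")}
OWNERTRUST = {"bob": FULL}

if __name__ == "__main__":
    # Todd is valid through Bob. John is not: Todd's key is valid, but a
    # valid key alone does not make its owner a trusted introducer.
    print(valid_keys("me", CERTS, OWNERTRUST))
```
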