Tim wrote:
> Todd Zullinger:
>> Part of checking the key includes verifying the key id and
>> fingerprint. After verifying this info I would sign the key to
>> make it valid. (A signature can be marked as non-exportable, for
>> keys you want to sign but don't want your signature to be exported
>> along with that key if you sent it to someone else.)
>>
>> With a signature from my trusted key on John Doe's key, gpg now
>> treats this key as valid.
>
> Of course, but the *problem* is that, often, actual *verification*
> isn't possible. It's someone on the other side of the world, etc.
That's true. But if you don't know someone at all, how would any
signature they made have any value to you, whether it was digital or
dead-tree style? This part of the trust issue is inherently a human
problem and it is not something that is intended to be solved by any
crypto system.
You do have the ability to assign trust and build upon trust
relationships, so that if you trust Bob to verify keys properly and
Bob happens to have met me, you could trust that my key is valid based
on Bob's certification of my key. This "web of trust" concept is a
large part of the way PGP works, by design.
> So, the reality is that most signatures stay as *unverified*, with
> the few that aren't, being labelled as verified when they're really
> not.
Can you say that last part again? How are signatures labelled as
verified when they really aren't? If you or someone you've chosen to
trust has not signed (certified) a key, no signatures made by that key
should be labelled as verified. Gpg will say it is a valid signature
from an untrusted key.
> It does something similar. A whacking great big coloured bar across
> the bottom of the page. Bright yellow if the signature matches the
> message, but isn't verified. Green if both check out. Red if some
> aspect fails. And in that bar is a clickable icon for you to get a
> wordy description (what I pasted, previously). (A screenshot of the
> bar has been attached.)
Okay. That's quite a reasonable way to display it. (Thanks for the
image.)
>> This is all not that different from signatures on paper. If I sign
>> a document as John Doe and you trust it without any other
>> verification that I am the John Doe you wish to do business with,
>> you can be easily fooled.
>
> I know. And that's the usual way it's used. Blind faith.
That's not the way I (or those that I know personally) use PGP.
That's not at all the way it is intended to be used. Anyone using it
that way gets zero security (or perhaps less than zero :).
> The blind faith aspect of using PGP, in the absense of other
> information, is one of its Achille's heels.
The very real problem of determining who to trust is not something a
crypto system is going to solve for you. Top-down systems (like
typical SSL or S/MIME certs) may try to offset this trust problem by
having a certificate authority that certifies keys and is implicitly
trusted by everyone.
I certainly have less faith in those systems than I do in a system
like PGP where I get to choose completely whom I trust (and to what
extent).
(And yeah, both SSL and S/MIME can be used in a decentralized way like
PGP is, and vice versa.)
> No, you get the warning that you see with all signed messages. The
> rather meaningless one.
I wouldn't call it meaningless. But I don't use PGP so that I can
verify signatures made by keys I don't trust (or have a trust path
to). Yes, if you want to use it to verify every signature on public
mailing lists, then you'll likely find the system isn't able to
magically solve the meat space problems of who to trust.
> The failing of the system is that it's hard to get a verifiable
> signature in the first place. i.e. For me to create mine and have
> it checked so it's meaningful for other people.
It is hard to do this between people that have never met or that don't
make some effort to get their keys into the strong set of keys, yeah.
I just don't see this as much of a problem, because I don't see the
value in worrying about trusting people that I don't know at all.
I can, if I want, get a lower level of assurance from their signatures
if I locally sign their key. That will let me know that someone may
have forged one of their messages if I suddenly get a signed message
that looks to be from that person and it's signed by a different key.
To get much more than that and I'd need to meet them or have a path
between keys of someone I know/trust and someone they know.
The value on mailing lists is that consistency can be established. If
I get 99 messages from you that are signed with one key, and one that
is signed with a different key, the odd key will stand out quite
quickly if I've locally signed your key. This consistency is one of
the reasons I sign my list mail.
I don't think we disagree on how things work so much. We just have
different opinions on how much of a problem it is that they work this
way. :-)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Happiness is good health and a bad memory.
-- Ingrid Bergman (1917-1982)
Attachment:
pgpPyHJo3C9Zz.pgp
Description: PGP signature
