monotone-devel

Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)


From: Ethan Blanton
Subject: Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)
Date: Wed, 2 Aug 2006 00:00:33 -0400
User-agent: Mutt/1.5.11

Jack Lloyd spake unto us the following wisdom:
> On Tue, Aug 01, 2006 at 04:25:33PM -0400, Ethan Blanton wrote:
> > So, not to get into a big long PGP discussion here, but this is really
> > not that useful.  I'm well-signed into the strongly connected subset,
> > myself, but that doesn't directly translate to anything particularly
> > valuable -- for example, I can find paths of length 3 from myself to
> > Graydon, and similar from myself to you, but those paths are *not* via
> > signers whom I trust, and as such they are not particularly useful to
> > me.  It doesn't really matter to me that some guy I don't know from
> > Adam has signed your key, regardless of how well I may know and trust
> > the first link in the chain.
> > 
> > So, while increasing the size of the strongly connected set is
> > academically interesting and makes for an amusing popularity contest,
> > it's not really useful for something like file distribution.
> 
> I would have to disagree. While I have no chain of signatures to
> Graydon's key, having it stored in my keyring means that if and when
> venge.net is compromised and the monotone source code backdoored, I
> would be able to detect that (assuming I checked the sig), unless
> venge.net was compromised at the point when I got the key from
> there. The fact that I can't actually verify the key corresponds to an
> entity known in the real world as "Graydon Hoare" (assuming such an
> entity actually exists) is meaningless.

This is really an entirely different issue.  "I have a key purporting
to be Graydon's key, have had it for X amount of time, and have had no
reason to disbelieve that it is his" is very similar to my kernel
signing key example; I think we're violently agreeing.  :-)  The point
is that the web-of-trust signatures which are more than one-hop
removed from me are not part of this equation -- *anyone* can create a
key and put my name at the top, or Graydon's name at the top, or
whatever, and get *someone* to sign it.

> Shipping the PGP fingerprints (or keys) of the developers in the
> source distribution would also make for a decent transitive trust
> situation. If you trust a tarball enough to compile the code and run
> it, you should also be able to trust the keys contained therein are
> ones you want to trust (for the purposes of verifying future monotone
> builds, at least).

Agreed, particularly after some number of releases continue to attest
to the same information.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
                -- Cesare Beccaria, "On Crimes and Punishments", 1764

Attachment: signature.asc
Description: Digital signature
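
The key-continuity reasoning in the message above, as an added example (not code from the thread or from monotone): a release signer's fingerprint is judged only against the fingerprints that earlier releases shipped, with no web-of-trust path involved. The developer names, release labels, fingerprints and the three-release threshold are constructed assumptions.

```python
# Added example: key continuity across releases.
# All names, release labels and fingerprints are constructed for illustration.

def normalize(fpr):
    """Canonical fingerprint form: no whitespace, upper case."""
    return "".join(fpr.split()).upper()

def streak(history, developer):
    """Return (fingerprint, n): the fingerprint shipped for `developer` in the
    latest release and how many consecutive latest releases agree on it."""
    current, count = None, 0
    for _label, shipped in reversed(history):
        fpr = shipped.get(developer)
        if fpr is None:
            break                      # not listed: continuity ends here
        fpr = normalize(fpr)
        if current is None:
            current = fpr
        elif fpr != current:
            break                      # an older release attested another key
        count += 1
    return current, count

def assess(history, developer, signer_fpr, min_releases=3):
    """Classify the key that signed a new release.
    min_releases is an assumed threshold for 'some number of releases'."""
    pinned, count = streak(history, developer)
    if pinned is None:
        return "unknown"               # nothing to compare against
    if normalize(signer_fpr) != pinned:
        return "changed"               # investigate before trusting the build
    return "continuous" if count >= min_releases else "recent"

# Constructed fingerprints (40 hex digits, as for OpenPGP v4 keys).
FPR_A = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
FPR_B = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
FPR_C = "00112233445566778899AABBCCDDEEFF00112233"

# Fingerprint lists as shipped inside three successive source tarballs.
HISTORY = [
    ("release-1", {"dev-a": FPR_A, "dev-b": FPR_C}),
    ("release-2", {"dev-a": FPR_A, "dev-b": FPR_C}),
    ("release-3", {"dev-a": FPR_A.lower(), "dev-b": FPR_B}),
]

if __name__ == "__main__":
    for dev, fpr in [("dev-a", FPR_A), ("dev-a", FPR_B),
                     ("dev-b", FPR_B), ("dev-z", FPR_A)]:
        print(dev, assess(HISTORY, dev, fpr))
```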

