Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)
From: Ethan Blanton
Subject: Re: PGP key signing (Was: Re: [Monotone-devel] Re: BZ2 & signatures)
Date: Wed, 2 Aug 2006 00:00:33 -0400
User-agent: Mutt/1.5.11
Jack Lloyd spake unto us the following wisdom:
> On Tue, Aug 01, 2006 at 04:25:33PM -0400, Ethan Blanton wrote:
> > So, not to get into a big long PGP discussion here, but this is really
> > not that useful. I'm well-signed into the strongly connected subset,
> > myself, but that doesn't directly translate to anything particularly
> > valuable -- for example, I can find paths of length 3 from myself to
> > Graydon, and similar from myself to you, but those paths are *not* via
> > signers whom I trust, and as such they are not particularly useful to
> > me. It doesn't really matter to me that some guy I don't know from
> > Adam has signed your key, regardless of how well I may know and trust
> > the first link in the chain.
> >
> > So, while increasing the size of the strongly connected set is
> > academically interesting and makes for an amusing popularity contest,
> > it's not really useful for something like file distribution.
>
> I would have to disagree. While I have no chain of signatures to
> Graydon's key, having it stored in my keyring means that if and when
> venge.net is compromised and the monotone source code backdoored, I
> would be able to detect that (assuming I checked the sig), unless
> venge.net was compromised at the point when I got the key from
> there. The fact that I can't actually verify the key corresponds to an
> entity known in the real world as "Graydon Hoare" (assuming such an
> entity actually exists) is meaningless.
This is really an entirely different issue. "I have a key purporting
to be Graydon's key, have had it for X amount of time, and have had no
reason to disbelieve that it is his" is very similar to my kernel
signing key example; I think we're violently agreeing. :-) The point
is that the web-of-trust signatures which are more than one-hop
removed from me are not part of this equation -- *anyone* can create a
key and put my name at the top, or Graydon's name at the top, or
whatever, and get *someone* to sign it.
> Shipping the PGP fingerprints (or keys) of the developers in the
> source distribution would also make for a decent transitive trust
> situation. If you trust a tarball enough to compile the code and run
> it, you should also be able to trust the keys contained therein are
> ones you want to trust (for the purposes of verifying future monotone
> builds, at least).
Agreed, particularly after some number of releases continue to attest
to the same information.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
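The key-continuity check the thread converges on (fingerprints shipped in each release, compared against what earlier releases attested), as an added example that is not part of the original message or of monotone. The "name: fingerprint" file format, the developer names and the fingerprints are assumptions constructed for illustration.

```python
import re

FPR_RE = re.compile(r"^[0-9A-F]{40}$")  # 160-bit fingerprint as 40 hex digits

def parse_keys(text):
    """Parse 'name: fingerprint' lines (hypothetical format) into a dict."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, fpr = line.partition(":")
        fpr = re.sub(r"\s+", "", fpr).upper()
        if not FPR_RE.match(fpr):
            raise ValueError(f"malformed fingerprint for {name.strip()!r}")
        keys[name.strip()] = fpr
    return keys

def check_release(pins, version, keys_text):
    """Compare the fingerprints a release ships against the local pin store.
    pins maps name -> {"fpr": str, "seen": [versions attesting to it]}.
    A first sighting is pinned on trust, so a compromised first download
    pins the wrong key. A changed fingerprint is reported, never re-pinned.
    """
    report = []
    for name, fpr in sorted(parse_keys(keys_text).items()):
        pin = pins.get(name)
        if pin is None:
            pins[name] = {"fpr": fpr, "seen": [version]}
            report.append((name, "new"))
        elif pin["fpr"] == fpr:
            pin["seen"].append(version)
            report.append((name, "consistent"))
        else:
            report.append((name, "CHANGED"))
    return report

# Constructed sample: three successive releases; names and fingerprints are made up.
A, B, C = "AAAA 1111 " * 5, "bbbb2222" * 5, "CCCC 3333 " * 5
RELEASES = [("0.1", f"dev-a: {A}\n"),
            ("0.2", f"dev-a: {A}\ndev-b: {B}\n"),
            ("0.3", f"dev-a: {C}\ndev-b: {B}  # unchanged\n")]

def run_sample():
    pins = {}
    return [(v, check_release(pins, v, text)) for v, text in RELEASES], pins

if __name__ == "__main__":
    print(*run_sample()[0], sep="\n")
```

The length of each pin's "seen" list is the number of releases that have attested to the same fingerprint.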