On Thu, Nov 07, 2013 at 01:40:22PM -0500, Daniel Kahn Gillmor wrote:
> On 11/07/2013 11:09 AM, Leo Gaspard wrote:
> > Except they do not have to know X, nor that he makes perfectly reasonable decisions in signing keys.
> >
> > And I believe it's not noise. Let's make an example in the real world:
> >  * I would entrust X with my life
> >  * X would entrust Y with his life, without my knowing it
> >  * Thus, if I actually entrusted X with my life, why should I be frightened if X asked Y to take care of me? Provided, of course, X told me he was letting Y take care of me. After all, I would entrust X with my life, so I should just agree to any act he believes is good for me.
> > (That's what I called blind trust. Somewhat more than full trust, I believe.)
>
> If we're talking about gpg's concept of "ownertrust", please do not muddy the waters with "entrust X with my life"? gpg's "ownertrust" is much more narrow than that: it says "I am willing to rely on OpenPGP certifications made by the holder of this key".
>
> "Entrust with my life" is not simply a superset of all other trust. I have friends who would take care of me if I was deathly ill. I would place my life in their hands. But they have never thought about how to do rigorous cryptographic identity certification, and I would not rely on their OpenPGP certifications.

Indeed, I thought of this case after having sent my email. Anyway, by "blind trust", I did mean a superset of all trusts related to keysigning.

> > > Let's get back to ownertrust: in the Web of Trust, ownertrust is an expression of how well you think other people verify identities before they sign a key. If you sign key K2 based on X's signature, you haven't verified Y's identity. You've probably verified X's identity, but not Y's. So you shouldn't sign K2.
> >
> > So, is a signature a matter of belief in the validity of the key or of actual work to verify the key?
>
> An OpenPGP certification says "I believe that Key X belongs to the person identified by User ID U". Most people would not want to make that statement publicly without having thought about it and convinced themselves somehow that it is true. What it takes to convince each person may well vary, which is why we assign different ownertrust to different people. When making a public assertion like an OpenPGP certification, it is also probably reasonable to ask what the parties involved (or the rest of the world) gain from making that statement. Just because you believe a statement to be true doesn't mean you need to make it publicly, with strong cryptographic assurances, and it may have bad consequences.
>
> Also, consider that certifications are not necessarily forever. If Alice relies solely on Carol's certification to believe that key X belongs to Bob, and Alice then certifies (Bob,X), what does Alice do if Carol revokes her certification? If Alice doesn't pay attention and revoke her own certification, then she is announcing as fact to the world something that she should no longer believe to be true (assuming that she was relying only on Carol's certification for that belief). This sounds like an untenable maintenance situation I personally would rather avoid, which is why I do not make public certifications based solely on other people's certifications.

Indeed. I just backed off in my answer to Peter, by understanding why it was not needed. However, I believe that for the initial problem (i.e. key change), information provided by a signed message accompanied by a UID on the other key is significant enough, and moreover definite, so I would not be bothered signing such a new key (of course, also revoking the signature on the old key).

> > If I understood correctly, the depth parameter you are talking about is useless, except in case there are trust signatures. And you agreed with me for them to be taken out of the equation.
>
> The depth parameter is useful even without trust signatures. Peter Lebbing's response upthread describes the scenario.

Indeed. Thanks for your answer, clarifying once again what signatures mean! (I know, I'm slow to understand, but I think I'm OK now.)

Cheers,
Leo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
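The two points argued in this exchange, that Alice's own certification outlives Carol's revocation and must be revoked by hand, and that the certification depth limit bites even when no trust signatures are involved, can be seen directly in a small model of the validity computation. The block below is an added illustration, not code from the thread or from GnuPG; it is a simplified re-implementation of the classic "pgp" trust model (it ignores trust signatures, key expiry, multiple user IDs and partial-validity display), and the key names alice/carol/bob and the keyring they form are constructed for the example. The defaults of 1 complete, 3 marginals and depth 5 are gpg's documented defaults for --completes-needed, --marginals-needed and --max-cert-depth.

```python
"""Toy model of the OpenPGP web-of-trust validity computation gpg performs.

Added example for the gnupg-users exchange above; not GnuPG's own code.
"""
from dataclasses import dataclass

# Ownertrust levels, named as gpg names them.
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


@dataclass(frozen=True)
class Cert:
    """One certification: `signer` asserts that key `target` belongs to its UID."""
    signer: str
    target: str
    revoked: bool = False


def compute_validity(ownertrust, certs, max_cert_depth=5,
                     completes_needed=1, marginals_needed=3):
    """Return {key_id: depth} for every key the local user should treat as valid.

    Round 0: ultimately trusted keys (the user's own) are valid at depth 0.
    Round d: a not-yet-valid key becomes valid at depth d if it carries enough
    unrevoked certifications from keys that were already valid before this
    round AND whose ownertrust the user set to full (completes_needed of them)
    or marginal (marginals_needed of them). Ownertrust on a key that is not
    itself valid counts for nothing; that is what makes the chain a chain.
    Defaults mirror gpg's --completes-needed 1, --marginals-needed 3 and
    --max-cert-depth 5 (simplified model, not gpg's actual implementation).
    """
    valid = {k: 0 for k, t in ownertrust.items() if t == ULTIMATE}
    for depth in range(1, max_cert_depth + 1):
        reached = {}
        for target in {c.target for c in certs if c.target not in valid}:
            full = marginal = 0
            for c in certs:
                if c.target != target or c.revoked or c.signer not in valid:
                    continue
                trust = ownertrust.get(c.signer, UNKNOWN)
                if trust in (ULTIMATE, FULL):
                    full += 1
                elif trust == MARGINAL:
                    marginal += 1
            if full >= completes_needed or marginal >= marginals_needed:
                reached[target] = depth
        if not reached:
            break
        valid.update(reached)   # becomes visible only to the next round
    return valid


# Constructed keyring (illustrative names): Alice is the local user, she signed
# Carol's key and gave Carol full ownertrust; Carol certified Bob's key.
OWNERTRUST = {"alice": ULTIMATE, "carol": FULL, "bob": UNKNOWN}
CAROL_CERTIFIES_BOB = [Cert("alice", "carol"), Cert("carol", "bob")]
CAROL_REVOKED = [Cert("alice", "carol"), Cert("carol", "bob", revoked=True)]


def relying_on_carol_only():
    """Bob's key is valid only through Carol; Carol's revocation removes it."""
    return (compute_validity(OWNERTRUST, CAROL_CERTIFIES_BOB),
            compute_validity(OWNERTRUST, CAROL_REVOKED))


def alice_certified_bob_herself():
    """If Alice also published her own (Bob, X) certification, Carol's
    revocation changes nothing in Alice's keyring: Bob stays valid at depth 1,
    so Alice has to notice and revoke her own certification by hand."""
    own = [Cert("alice", "bob")]
    return (compute_validity(OWNERTRUST, CAROL_CERTIFIES_BOB + own),
            compute_validity(OWNERTRUST, CAROL_REVOKED + own))


def depth_limited():
    """Same keyring with max-cert-depth 1: Carol's certification is never
    consulted, so the depth limit cuts the chain without any trust signature."""
    return compute_validity(OWNERTRUST, CAROL_CERTIFIES_BOB, max_cert_depth=1)


if __name__ == "__main__":
    print("Carol only, before/after revocation:", relying_on_carol_only())
    print("Alice's own cert, before/after revocation:", alice_certified_bob_herself())
    print("max-cert-depth 1:", depth_limited())
```

Running it shows Bob's key dropping out of the valid set the moment Carol revokes, unless Alice has signed it herself, in which case nothing in Alice's keyring signals that the basis for her own signature has gone away; and with the depth limit set to 1, Carol's full ownertrust is simply never reached.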