Jorgen Cederlof on 31 Mar 2004 17:05:05 -0000
I just saw this, and felt I have to say something about it.

On Sat, Feb 07, 2004 at 11:21:05 -0500, gabriel rosenkoetter wrote:
> On Fri, Feb 06, 2004 at 10:18:51PM -0500, David Shaw wrote:
>> His requirement that he is already connected to someone before he
>> signs their key is a little odd, but that's his privilege.
> I thought that was rather snide too. But he's a member of the strong
> set, so maybe he gets a lot of random "could you sign my key so I
> can join the strong set?" requests.

No, I haven't received any mail like that, and I definitely wouldn't sign the key if I did. In fact, the signing policy says I don't sign keys like that. But the wording in the policy could be better to make it clear that it applies to well-known people, who are already deep into the strong set, with whom I have had a (long-standing) mail conversation _regarding_something_else_.

>> I'll spare you all a rant on the subject, and content myself with
>> parsing the above statement:
>>
>> "I may sign keys when I have not met the person or verified the
>> key."
>>
>> This is a dreadful, dreadful idea. Remember that the check level
>> numbers are for human reading - the computer, when building the web
>> of trust, treats all signatures the same.
> I don't think he understands that. (I'll admit that I didn't when I
> first started assigning those values. It's maybe a bit misleading to
> even have the capability to do that, but it'd be hard to remove it
> now.)

Oh, I did put some thought into that. The first time I signed someone like that was after he signed me in that way. He has a long-standing reputation in web-of-trust interpretation, which made me believe that it was kind of standard practice. I believe (but I can't check right now) that he is the only one I signed with level one. Furthermore, the GnuPG manual page says:

    1 means you believe the key is owned by the person who claims to own
    it but you could not, or did not verify the key at all. This is
    useful for a "persona" verification, where you sign the key of a
    pseudonymous user.
    [...]
    Note that the examples given above for levels 2 and 3 are just that:
    examples. In the end, it is up to you to decide just what "casual"
    and "extensive" mean to you.

Given those words, any software or user treating a level one certificate the same as a level three certificate is not to be trusted. (Yes, I know, Wotsap currently does not differentiate cert check levels, but my soon-to-be-released CVS version does both show the level graphically and make it possible to filter based on levels.)

Given David's response, he might be the author of the above quoted man page words. Did I misinterpret the manual page? It says that levels 2-3 are examples, which implies that level 1 is quite standard. Even with level 1 being as undefined as the rest, I still wouldn't give much trust to a certificate which the issuer explicitly set to level 1.

The only real point I see in your objections is that GnuPG treats all cert check levels alike, but that's a bug in GnuPG and not in my certificates. (I don't use GnuPG's web-of-trust calculations myself, I have after all written alternative software for evaluating the web-of-trust.)

If there is some point I have misunderstood and there really is a problem with using level one certificates this way, I will of course revoke the signature(s) and change the policy.

Please CC replies to me, I don't subscribe to this list.

Regards,
Jörgen
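The point under discussion, that a trust evaluator can tell certification levels apart even though GnuPG's own web-of-trust computation does not, can be shown on the `gpg --list-sigs --with-colons` format: the signature class (field 11, e.g. `13x`) carries the check level in its low nibble. The following is an added example and not code from Jörgen, Wotsap or GnuPG; the colon-format lines, key IDs and names are constructed for illustration.

```python
import re

# Constructed sample of `gpg --list-sigs --with-colons` output for one key.
# Key IDs, dates and user IDs are made up; the field layout follows GnuPG's
# doc/DETAILS (field 5 = signer key ID, field 10 = signer user ID,
# field 11 = signature class + 'x' exportable / 'l' local-only).
SAMPLE_COLONS = """\
pub:f:4096:1:0000000000000001:1078000000:::-:::scESC::::::23::0:
uid:f::::1078000000::ABC::Example Owner <owner@example.org>::::::::::0:
sig:::1:0000000000000001:1078000000::::Example Owner <owner@example.org>:13x::::::::::0:
sig:::1:0000000000000002:1078100000::::Careful Signer <careful@example.org>:13x::::::::::0:
sig:::1:0000000000000003:1078200000::::Casual Signer <casual@example.org>:12x::::::::::0:
sig:::1:0000000000000004:1078300000::::Persona Signer <persona@example.org>:11x::::::::::0:
sig:::1:0000000000000005:1078400000::::Generic Signer <generic@example.org>:10x::::::::::0:
"""

# Certification signature classes are 0x10..0x13; the low nibble is the
# check level the issuer chose (0 generic, 1 persona, 2 casual, 3 positive).
LEVEL_NAMES = {0: "generic (unspecified)", 1: "persona (no verification)",
               2: "casual", 3: "positive/extensive"}


def parse_certifications(colons_output, exclude_self=True):
    """Return [(signer_key_id, signer_uid, level, exportable)] for every
    certification signature (class 0x10-0x13) in --with-colons output."""
    certs = []
    primary = None
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary = f[4]
        elif f[0] == "sig" and len(f) > 10:
            m = re.fullmatch(r"(1[0-3])([xl])", f[10])
            if not m:
                continue  # revocations, subkey bindings, etc. are not certifications
            if exclude_self and f[4] == primary:
                continue  # self-signature: says nothing about third-party verification
            level = int(m.group(1), 16) & 0x0F
            certs.append((f[4], f[9], level, m.group(2) == "x"))
    return certs


def filter_by_level(certs, min_level):
    """Keep only certifications whose check level is at least min_level;
    this is exactly the distinction GnuPG's trust computation ignores."""
    return [c for c in certs if c[2] >= min_level]
```

With `min_level=2` the persona (level 1) and generic (level 0) certifications drop out, which is the behaviour the message argues a trust evaluator should offer.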