[Freedombox-discuss] Santiago Verifying Requests

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 13 03:57:38 UTC 2012 

On 04/12/2012 11:29 PM, Nick M. Daly wrote:

> spending most of my spare time trying to figure out how GnuPG and
> Python-GnuPG differentiate between "this signature is mathematically
> self-authenticating" and "this signer is within my web of trust" - it's
> unclear from the documentation how to tease apart those concepts.

I'm not sure the latter concept is particularly meaningful even on its
own.  The "web of trust" is probably a misnomer -- it leads many folks
astray.  In the PGP world, this term describes a network of assertions
about identity, which is overlaid with some (only very occasionally
public) indications of willingness to rely on these identity assertions.

The "willingness to rely on" is the only thing close to any common
layman concept of "trust".  These are privately-held, for the most part.
(i can count the number of public trust-assertions i know of in OpenPGP
on one hand)

So what is "within my web of trust" ?  Well, there's the handful of
people who i'm willing to rely on to make claims of identity; people
about whom i think:

 * they do a decent job of identifying people -- (what does "decent"
mean to you?)

 * they take reasonable care with their secret key material, so i
reasonably can expect it to not be compromised without their knowledge
(and that they would revoke their keys if they discover them to be
compromised)

 * they share some set of values with me, such that i don't expect them
to maliciously introduce fake claims of identity.

This group is (significantly) smaller than the group of people whose
identity (and public key) i believe i know.

> Nice job identifying the purpose behind each step.  I included step 3 so
> that A's message to B could pass through any number of proxies who trust
> neither A nor B (only the first and last proxies need to trust A and B,
> respectively).  The idea is to relay only messages that come from
> friends.  This keeps any private Web-of-Trust nodes private.

How do you know that people are friends?  Just because Alice signs Bob's
key does not mean that they are friends.  It means that Alice believes
she knows who Bob is, and what his public key is.

Alice might even intensely dislike and distrust Bob; but she could still
sign his key.

> This allows me to publish my key and publicly sign other keys, but to
> also trust (yet never publish) some trust-relationships. 

By publishing your key and publicly signing other keys, you are *not*
publishing any trust-relationships.  You are making assertions of
identity, not assertions of trust.

> Perhaps that
> particular trust relationship (pseudonymous or not) is sensitive
> information.  Granted, these private trusts contribute nothing to the
> WoT but they are a useful privacy-protecting feature nonetheless.

There is a lot of information that you would normally keep private, such
as the actual trust relationships themselves.

Let's say Alice and Charlie work together closely in a tight-knit
collective at night, and Alice and Bob are co-workers in a business
together during the day.  Alice finds Bob boring and careless;  She
thinks of Charlie as perceptive and bright.  The OpenPGP web of trust
contains none of these qualitative judgments. What's more, i think it
*shouldn't* contain these sorts of judgments; they make it harder to
make statements of identity (because you'd be concerned about these
other qualitative statements, which are much more open to change and
reinterpretation), and they make it easier for a would-be big brother to
mechanically figure out exactly who is a trusted and respected figure
within certain subsets of the social graph.


> On Thu, 12 Apr 2012 09:16:32 -0700, Jack Wilborn wrote:
>> I was just curious if we are using the en/de encryption that the CPU has
>> internally or are we using software to do this?  Just curious, hope we are
>> using the supplied hardware to handle this within the CPU.
> 
> I don't think I understand your question.  I ask the Python-software to
> perform the calculation, which it performs with the CPU (through pure
> magic, as far as I know).  Are you asking "do we farm these calculations
> out to a math-coprocessor?"  That's dependent on CPU architecture (IIRC?).
> Don't know if DreamPlug has one, but your standard x86 system will.

I suspect Jack is asking you about being able to hand some of this
computation over to something like an embedded AES processor (e.g.
AES-NI), if the machine has such a thing.  I strongly advise you to
*not* worry about this sort of thing at this stage of the game.  Make
sure the code you write is reasonable, choose decent algorithms where
possible, and worry about CPU offloading only once you're convinced of
the correctness of the rest of your implementation.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20120412/f8f4310a/attachment.pgp>

More information about the Freedombox-discuss mailing list