[Freedombox-discuss] Santiago Verifying Requests

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Apr 17 02:20:58 UTC 2012


On 04/16/2012 09:15 PM, Fifty Four wrote:
> the PGP community continues to use that name. Why can't the PGP
> community change it to something like P2P Identity checks as opposed to
> the CA model of hierarchical identity checks? Better still just say you
> appoint somebody to do identity checks on your behalf

"Web of trust" is a catchy term.  It's hard to get people to drop a catchy
term, especially when the term and its alternatives are both a
little hand-wavy to most users.

> e.g. an "Identity/Certificate Agent" which is a concept similar to
> Certificate Authority that most people would probably understand. Just
> let the P2P Identity checks vs hierarchical identity check models recede
> into the background.

I don't think i share your confidence that people already understand
certificate authorities.  The majority of people who i've explained CAs
to have been surprised to learn that they had been relying (and continue
to rely) on these powerful and relatively unaccountable groups.

I do like your term "p2p identity", but i'm wary of the social work it
will take to get people to start using new terms.  If we want any new
terms to stick, that kind of coinage work needs to be coupled with
building out additional infrastructure that uses the new term and makes
its meaning nice and clear.

>> This group is (significantly) smaller than the group of people whose
>> identity (and public key) i believe i know.
> This suggests that at the most you trust 3 people to do identity checks on your behalf

Where do you get this number 3 from?  I don't think that's the right
number for me.  I'd rather not publish my ownertrust database, but you
can look at your own (in rather opaque form) by looking at the output of
gpg --export-ownertrust.  Alas, i don't have a good reference for how to
interpret the output aside from the gnupg source :(

I bet if someone wanted to read the GnuPG source and submit concise and
clear documentation of the ownertrust export format, the GnuPG team
would accept such a patch.

> the "web of trust" part of PGP because by far it’s the most confusing part of PGP. Why promote something so confusing that is not widely used? 

Because the confusing thing that *is* widely used is significantly worse
due to its propensity for centralized control and resistance to
corrective action in the face of known malfeasance?

> Good point. However, when you have somebody do identity checks on your behalf there is still sort of a trust relationship.

Yes, this is exactly the distinction that GnuPG makes between User ID
validity ("do we believe the stated identity is properly bound to the
associated key(s)?") and ownertrust ("do we believe that the keyholder
makes reliable identity certifications?").

You're also right to note that this narrowly-defined sense of ownertrust
is only one sort of trust relationship.  Alice might trust Bob to make
proper identity certifications, while not even trusting him to make
toast without setting the house on fire!

> When big brother looks at your key can they tell the difference between as your "identity agents on your behalf vs those people you have just signed their keys?

Firstly, Big Brother would need to look at not just Alice's key, but
also Bob's key and associated identity information (the full "OpenPGP
certificate") in order to be able to tell that Alice has certified Bob's
identity.

You'll note that Alice's ownertrust of Bob (if any) is *not* included in
the standard published OpenPGP identity certification, so Big Brother
won't be able to learn that by tracing the p2p identity graph.

It is possible to make and publish what is known as a "trust signature"
[0], which would indicate and publicize this ownertrust.  This is
extremely rare, though, and not recommended unless you have a really
good reason for doing it, and a clear understanding of the tradeoffs
involved.

I don't think we want published ownertrust for the freedombox.

I hope this clears things up a bit.

	--dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.13
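
Added example (not part of the original message and not GnuPG's own code): a
small reader for the text that gpg --export-ownertrust prints, showing how many
keys sit at each ownertrust level. It assumes the line format
FINGERPRINT:VALUE: and the numeric trust levels and disabled flag as defined in
GnuPG's trust constants; the fingerprints in the sample are constructed.

```python
import string
from collections import Counter

# Assumed from GnuPG's trust constants: low 4 bits = level, 0x80 = key disabled.
LEVELS = {0: "unknown", 1: "expired", 2: "undefined", 3: "never",
          4: "marginal", 5: "full", 6: "ultimate"}
TRUST_MASK = 0x0F
FLAG_DISABLED = 0x80

# Constructed sample input; the fingerprints are made up.
SAMPLE = """\
# List of assigned trustvalues (constructed sample)
# (Use "gpg --import-ownertrust" to restore them)
1111111111111111111111111111111111111111:6:
2222222222222222222222222222222222222222:5:
3333333333333333333333333333333333333333:4:
4444444444444444444444444444444444444444:3:
5555555555555555555555555555555555555555:133:
"""

def parse_ownertrust(text):
    """Return (fingerprint, level, disabled) for each FINGERPRINT:VALUE: line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # comments and blank lines
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected FINGERPRINT:VALUE:")
        fpr, raw = fields[0], fields[1]
        if not fpr or set(fpr) - set(string.hexdigits) or not raw.isdecimal():
            raise ValueError(f"line {lineno}: malformed entry")
        value = int(raw)
        level = LEVELS.get(value & TRUST_MASK, "invalid")
        entries.append((fpr.upper(), level, bool(value & FLAG_DISABLED)))
    return entries

def summarize(entries):
    """Count keys per ownertrust level."""
    return Counter(level for _, level, _ in entries)

if __name__ == "__main__":
    for fpr, level, disabled in parse_ownertrust(SAMPLE):
        print(fpr, level, "(disabled)" if disabled else "")
    print(dict(summarize(parse_ownertrust(SAMPLE))))
```

The output of this reader is as sensitive as the ownertrust database itself, so it belongs on the same machine as the keyring.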
