[Freedombox-discuss] machine-parseable key transition statements [was: Re: Key Report Published]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Aug 20 14:42:45 UTC 2013

On 08/05/2013 11:04 PM, Nick Daly wrote:
> I'd also like it to understand transition statements, but I haven't even
> given thought as to *how* to do that. There're lots of unknowns there.

I tend to think of key transition statements as human-readable
documents, and i'm not sure we should expect them to be parseable by
software (other than the signature verification itself, of course).

It raises an interesting question of whether there should be a
machine-parseable form of such a statement, but i don't think that has
been specified by anyone. I can also report that i've heard pushback
against the idea of key transition statements (since they could be
created by an attacker who managed to compromise the "old" key, to
"transition" it to their own "new" key), which would probably be raised
even more strongly against automatically parsed key transition
statements. It may turn out that having a human in the loop for an
event as significant as a primary key transition is a worthwhile sanity
check. OTOH, it's not clear to me what special sauce a human is
supposed to add to this check other than "this seems sketchy" or "this
seems plausible". For people well-versed in key management, this is
probably superior to automated/machine-parseable key transition, but for
people who are struggling with the concepts of keys in general, it seems
like it could be significantly worse than a tightly-written, automated
mechanical transition with a few sensible safeguards built in.

in other words, i'm on the fence about this, but i'd be interested in
persuasive arguments one way or another :)