Re: Migrating to GPG - A mini-HOWTO

[Paul Slootman <paul@wau.mis.ah.nl>]

On Tue 14 Sep 1999, Jason Gunthorpe wrote:
> On 14 Sep 1999, Ben Pfaff wrote:
> > Michael Stone <mstone@debian.org> writes:
> > 
> >    Again, no it isn't. How do they know that someone didn't steal your pgp
> >    key?=20
>  
> > How is this different from the question ``How does dinstall (or other
> > person/program) know someone hasn't stolen [developer]'s PGP key?''
> 
> Because you can revoke the old key and have all of it's signatures become
> invalid. But, you cannot revoke this 'new' key that was created and passed
> around as real using your compromised old key. It now has real signatures
> that say 'I know for certain that this key belongs to this person'.

OK, but still things may have been done because the old key was not
yet revoked, or the revoking hasn't trickled through everywhere yet.
I'm sure that most people don't check with the central key servers
every time they check a signature.

> With dinstall a compromise is short lived and can be undone by erasing the
> effected package. Creating a new key and getting people to sign it cannot
> really be undone.

How do you prove to whoever is able to erase the package that you
are who you say you are? I.e. how do you convince them that they
should in fact erase the package?  In short, the problem just moves
around; being able to revoke a key is great, but still leaves many
problems open.


Paul Slootman
-- 
home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.de   http://www.isdn4linux.de/