
Re: [Debconf-discuss] KSP post-mortem: why I won't be able to sign some keys



Hi,

while I agree that flaws in the actual protocol being used are problematic and 
worth pointing out, I wonder much more why people aren't more worried about 
how people use their computers: (double booting Windows and) not using
encrypted partitions, leaving their computers unlocked while being away,
using binary only (non-free) software, running experimental packages from 
various sources (assuming that sid, testing and stable are safe..), etc. This 
potentially exposes the integrity of the private key, not only the integrity 
of signatures - which later can be revoked anyway.

After a talk about the problems with gpg's web of trust at 22C3 (e.g. in what 
do you put trust when you sign a key? the person being the person or her/his 
ability to keep his private key private or his ability to sign other people's
keys? There are no good tools to view a chain of trust except for some
web-services (run by unknown (and therefore untrusted) strangers))) I asked
Peter Palfrader (bcc'ed) why he participates in key signings; his reply was
simple: "It's a game. And I won :)" 

http://events.ccc.de/congress/2005/fahrplan/events/545.en.html
http://media.ccc.de/filez/congress/2005/lectures/video/mp4/22C3-videos-complete-20050506-torrents/22C3-545-en-web_of_trust.mp4.torrent

To me, a better and more trustworthy system for Debian (than just relying on
signed uploads) would be something with combined security measures, for 
example signed uploads (from multiple persons if possible) where the sources 
come out of trusted (ha!) version control systems. And even if we implement 
that in x years, we still would have trust problems, see 
http://cm.bell-labs.com/who/ken/trust.html ("The moral is obvious. You can't 
trust code that you did not totally create yourself. ")

Having said this, I also do believe that any step to create a bit more trust 
is a worthwhile one. We should just never forget that _we_ don't sign stuff
with gpg, it's our computer that does the signing. And this is completely
different from "real" signatures.


regards,
	Holger
