Re: GPG Key Signing
>>"Robbe" == Robert Bihlmeyer <robbe@orcus.priv.at> writes:
Robbe> What additional security does this protocol offer over simple ID
Robbe> checking? IOW, what problem does it solve?
Are you implying that ensuring the person whose identity you
verified actually controls the email address and the secret pass
phrase adds no value to the web of trust?
>> It has an enormous flaw: you do not sign a key, you sign an id.
Robbe> Indeed. And I usually consider the e-mail not part of the signed data
Robbe> (although, technically it is). It would be good to have make that
Robbe> explicit by having one uid on the key without e-mail. I'd sign just
Robbe> that, and - frankly - I'm not that interested in whether the e-mail is
Robbe> signed by anybody besides the owner of the key.
So a compromiser can just merrily add email addresses that
never point to the owner, and the owner shall never know. I would
much rather send email to an ID that is in my web of trust -- not
just an id attached to a key that happens to be in my web of trust.
manoj
--
If it happens once, it's a bug. If it happens twice, it's a
feature. If it happens more than twice, it's a design philosophy.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: