>>>>> "Peter" == Peter Palfrader <weasel@debian.org> writes:
Peter> Hi Ralf!
Peter> On Tue, 17 Apr 2001, Ralf Treinen wrote:
>> > Congratulations, you have just allowed me to impersonate Peter Palfrader
>> > <sirpeter@gmx.net>, who happens to be an altogether different Peter
>> > Palfrader than me.
>>
>> If I only signed the first one you enter the web of trust, and
>> hence can sign yourself the other one.
Peter> Trust is not something that can be handled automatically.
Peter> It all depends on how much you trust the people in the chain to do good
Peter> key signing.
Peter>       signed          signed
Peter> (me) --------> (you) -------> Mallory <good@noreply.org>
Peter> I trust you and myself to do keysignatures only when everything is correct.
Peter> Therefore I can assume that good@noreply.org actually is Mallory's address.
Okay, so you can have some (not high, but some) assurance that Mallory
is good@noreply.org (like postmaster@big-isp.com, to emphasize where I
think the most tangible benefit is at). But...
Peter>       signed          signed                              signed
Peter> (me) --------> (you) -------> Mallory <good@noreply.org> --------> Mallory <bad@noreply.org>
Peter> I trust you and myself but I've no reason at all to trust Mallory. Don't
Peter> get me wrong, I trust that good@noreply.org actually _is_ Mallory, but her
Peter> signatures are worthless because I do not trust her.
... you can *not* be sure good@noreply.org is Mallory! Not without a
mail from there being signed by her... well, and if it's signed, what
use is the email address anyway? Apart from the use above, of
course... (the signature block does not contain the ID specified,
apparently it only contains the numeric key ID).
But the email *alone* never tells you anything much.
Peter> So bad@noreply.org might be Mallory's email address or
Peter> not. I have no way to find out.
Not by using GPG that is (and I do think PGP was never intended for
this purpose: authentication yes, but authorization no. At least
that's the way I see it (and handle it))
Peter> otoh if you signed bad@noreply.org directly:
Peter>       signed          signed
Peter> (me) --------> (you) -------> Mallory <bad@noreply.org>
Peter> and I trusted you, I would take your word for it and
Peter> Mallory could trick me into believing she was the person
Peter> behind bad@noreply.org, based on YOUR ASSERTION.
As I said above: I wouldn't rely on GPG to ensure that someone really
had the post he/she claimed to have. Which this boils down to, I
think. There are other, more traditional, ways, and I'd use
them... especially if it was of any importance.
Bye, J
PS: I have a ton of signatures on jae@ilk.de... but since this address
is falling into disuse, I'll probably get rid of it soonish. Soon
after that someone else might get it... and what use is your
"jae@ilk.de is Jürgen Erhard" assurance then? Nothing. But the
"2E7AAACD is Jürgen Erhard" is still valid.
PPS: If I want to be sure that sending to mallory@stupid-company.com
really gets to Mallory, and to her only... well, I'd encrypt it if it
was *that* sensitive!
--
Jürgen A. Erhard juergen.erhard@gmx.net phone: (GERMANY) 0721 27326
My WebHome: http://members.tripod.com/Juergen_Erhard
"All language designers are arrogant.
Goes with the territory..." -- Larry Wall
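
The three signature chains quoted in the mail above, as an added example that is not part of the original message or of GnuPG's code. It is a simplified model of OpenPGP validity (full owner trust only, no marginal trust or depth limit); the key labels ME, YOU, MALLORY_A, MALLORY_B and the address you@example.org are constructed placeholders.

```python
# Simplified model (assumption): a user ID is valid if it is certified by my
# own key, or by a key that is itself valid AND whose owner I have chosen to
# trust as an introducer. Real GnuPG adds marginal trust and depth limits.

def valid_uids(certs, owner_trust, me):
    """Return the set of (key, uid) bindings I can consider valid.

    certs: list of (signer_key, signed_key, signed_uid) certifications.
    owner_trust: keys whose owners I trust to certify carefully.
    me: my own key, the root of every chain.
    """
    valid_keys = {me}
    valid = set()
    changed = True
    while changed:  # iterate to a fixpoint so cert order does not matter
        changed = False
        for signer, key, uid in certs:
            trusted_introducer = signer == me or signer in owner_trust
            if signer in valid_keys and trusted_introducer:
                if (key, uid) not in valid:
                    valid.add((key, uid))
                    valid_keys.add(key)
                    changed = True
    return valid

# Constructed sample data mirroring the diagrams in the mail.
CHAIN_INDIRECT = [
    ("ME", "YOU", "you@example.org"),
    ("YOU", "MALLORY_A", "good@noreply.org"),
    ("MALLORY_A", "MALLORY_B", "bad@noreply.org"),  # Mallory vouches for herself
]
CHAIN_DIRECT = [
    ("ME", "YOU", "you@example.org"),
    ("YOU", "MALLORY_B", "bad@noreply.org"),  # "based on YOUR ASSERTION"
]

if __name__ == "__main__":
    bad = ("MALLORY_B", "bad@noreply.org")
    # Mallory's key is valid, but her signature carries no weight.
    print("indirect:", bad in valid_uids(CHAIN_INDIRECT, {"YOU"}, "ME"))
    # Signed directly by a trusted introducer, the same UID is accepted.
    print("direct:  ", bad in valid_uids(CHAIN_DIRECT, {"YOU"}, "ME"))
    # Granting owner trust to every valid key makes the web transitive.
    print("auto:    ", bad in valid_uids(CHAIN_INDIRECT, {"YOU", "MALLORY_A"}, "ME"))
```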