>>>>> "Peter" == Peter Palfrader <weasel@debian.org> writes:

Peter> Hi Ralf!

Peter> On Tue, 17 Apr 2001, Ralf Treinen wrote:
>> > Congratulations, you have just allowed me to impersonate Peter Palfrader
>> > <sirpeter@gmx.net>, who happens to be an altogether different Peter
>> > Palfrader than me.
>>
>> If I only signed the first one you enter the web of trust, and
>> hence can sign yourself the other one.

Peter> Trust is not something that can be handled automatically.

Peter> It all depends on how much you trust the people in the chain to do good
Peter> key signing.

Peter>       signed         signed
Peter> (me) --------> (you) -------> Mallory <good@noreply.org>

Peter> I trust you and myself to do keysignatures only when everything is correct,
Peter> Therefore I can assume that good@noreply.org actually is Mallory's address.

Okay, so you can have some (not high, but some) assurance that Mallory
is good@noreply.org (like postmaster@big-isp.com, to emphasize where I
think the most tangible benefit is at).

But...

Peter>       signed         signed                               signed
Peter> (me) --------> (you) -------> Mallory <good@noreply.org> --------> Mallory <bad@noreply.org>

Peter> I trust you and myself but I've no reason at all to trust Mallory. Don't
Peter> get me wrong, I trust that good@noreply.org actually _is_ Mallory, but her
Peter> signatures are worthless because I do not trust her.

... you can *not* be sure good@noreply.org is Mallory! Not without a
mail from there being signed by her... well, and if it's signed, what
use is the email address anyway? Apart from the use above, of
course... (the signature block does not contain the ID specified,
apparently it only contains the numeric key ID).

But the email *alone* never tells you anything much.

Peter> So bad@noreply.org might be Mallory's email address or
Peter> not. I have no way to find out.

Not by using GPG that is (and I do think PGP was never intended for
this purpose: authentication yes, but authorization no. At least
that's the way I see it (and handle it))

Peter> otoh if you signed bad@noreply.org directly:

Peter>       signed         signed
Peter> (me) --------> (you) -------> Mallory <bad@noreply.org>

Peter> and I trusted you, I would take your word for it and
Peter> Mallory could trick me into believing she was the person
Peter> behind bad@noreply.org, based on YOUR ASSERTION.

As I said above: I wouldn't rely on GPG to ensure that someone really
had the post he/she claimed to have. Which this boils down to, I
think. There are other, more traditional, ways, and I'd use
them... especially if it was of any importance.

Bye, J

PS: I have a ton of signatures on jae@ilk.de... but since this address
is falling into disuse, I'll probably get rid of it soonish. Soon
after that someone else might get it... and what use is your
"jae@ilk.de is Jürgen Erhard" assurance then? Nothing. But the
"2E7AAACD is Jürgen Erhard" is still valid.

PPS: If I want to be sure that sending to mallory@stupid-company.com
really gets to Mallory, and to her only... well, I'd encrypt it if it
was *that* sensitive!

--
Jürgen A. Erhard  juergen.erhard@gmx.net  phone: (GERMANY) 0721 27326
My WebHome: http://members.tripod.com/Juergen_Erhard
"All language designers are arrogant. Goes with the territory..." -- Larry Wall
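
The signature chains drawn in the quoted text above, as an added example that is not part of the original mail: a simplified model in which a user ID counts as valid only when it is certified by a key that is itself valid and whose owner is trusted. The key names, the placeholder address for Ralf and the single-trusted-signer rule are assumptions; GnuPG's actual trust model also has marginal trust and a path-depth limit.

```python
# Added example: simplified web-of-trust validity model (not GnuPG's code).
# Assumption: one certification from a trusted, valid key makes a user ID
# valid; marginal trust and path-depth limits are left out.
from collections import namedtuple

# signer: key that made the certification; key/uid: the user ID it certifies.
Cert = namedtuple("Cert", "signer key uid")

def valid_uids(certs, owner_trust, me):
    """Return the (key, uid) pairs `me` can treat as valid.

    owner_trust is the set of keys whose certifications `me` relies on.
    A certification counts only if its signer is in owner_trust and the
    signer's own key is already valid (it is `me` or has a valid user ID).
    """
    valid, valid_keys = set(), {me}
    changed = True
    while changed:  # iterate until no further user ID becomes valid
        changed = False
        for c in certs:
            usable = c.signer in owner_trust and c.signer in valid_keys
            if usable and (c.key, c.uid) not in valid:
                valid.add((c.key, c.uid))
                valid_keys.add(c.key)
                changed = True
    return valid

# Constructed sample data following the diagrams; ralf@example.invalid is a
# placeholder address, the noreply.org addresses are the ones in the mail.
TRUST = {"peter", "ralf"}          # Peter trusts himself and Ralf, not Mallory
GOOD = ("mallory", "good@noreply.org")
BAD = ("mallory", "bad@noreply.org")
BASE = [Cert("peter", "ralf", "ralf@example.invalid"),
        Cert("ralf", *GOOD)]
SELF_SIGNED = BASE + [Cert("mallory", *BAD)]   # Mallory certifies bad@ herself
DIRECT = [BASE[0], Cert("ralf", *BAD)]         # Ralf certifies bad@ directly

if __name__ == "__main__":
    for name, certs in (("self-signed", SELF_SIGNED), ("direct", DIRECT)):
        result = valid_uids(certs, TRUST, "peter")
        print(name, "good valid:", GOOD in result, "bad valid:", BAD in result)
```

In the self-signed chain only good@noreply.org comes out valid; bad@noreply.org becomes valid either when Ralf certifies it directly or when Mallory is added to the set of trusted signers.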