keysigning and keys maintenance
The D. docs, e.g. the page at http://www.debian.org/events/keysigning ,
make a lot of effort in making sure the person (Alice's) real identity
corresponds to whatever is presented in the key (A) the person is asking
another person (Bob) to sign.
I think that an additional accent should be placed on what happens with
A after Bob signs it, and on what one's signature is worth. Any Bob's
signature is worth (for the web of trust) only as much as his least
careful signature.
Right now there are no ways for a person to say what his minimum
requirements for signing someone's key are. Leaving the identity at the
signing moment aside (that's pretty well discussed in the existing
documents), Bob might consider not signing the key unless he's sure
Alice will keep the path to A's secret portion trusted, and that
Alice will issue a timely revocation if it's compromised. Criteria for
the acceptable degree of paranoia of this sort may vary (e.g., I
personally wouldn't sign a key that has its secret portion accessed
from a Windows machine full of kazaa/morpheus/... or a machine installed
from an old distro with known exploits), but if Bob's consistent, he'll
be more or less consistently trusted by various folks.
Do you think it's worth a discussion on debian-security, or should I
open a wishlist-level bug on the www.debian.org package? gnupg-doc
package (the GNU privacy handbook also omits this aspect)?
vassilii