Bug#204038: marked as done (Keysigning: Signers should not upload signatures)
Your message dated Sun, 17 Aug 2003 14:17:59 +0200
with message-id <1061122678.25701.90.camel@thanatos>
and subject line No change needed
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Aug 2003 00:47:41 +0000
>From jdthood@yahoo.co.uk Sun Aug 03 19:40:58 2003
Return-path: <jdthood@yahoo.co.uk>
Received: from mars.mj.nl [81.91.1.49]
by master.debian.org with smtp (Exim 3.35 1 (Debian))
id 19jTPG-0000TG-00; Sun, 03 Aug 2003 19:40:58 -0500
Received: (qmail 29367 invoked from network); 4 Aug 2003 00:40:57 -0000
Received: from 81-91-5-95-customer.mjdsl.nl (HELO thanatos.localdomain) (81.91.5.95)
by www.mj.nl with SMTP; 4 Aug 2003 00:40:57 -0000
Received: by thanatos.localdomain (Postfix, from userid 1001)
id 99DBC10D9E6; Mon, 4 Aug 2003 02:40:56 +0200 (CEST)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="ISO-8859-15"
From: Thomas Hood <jdthood@yahoo.co.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Keysigning: signers should not uploaded signatures
X-Mailer: reportbug 2.20
Date: Mon, 04 Aug 2003 02:40:56 +0200
Message-Id: <[🔎] 20030804004056.99DBC10D9E6@thanatos.localdomain>
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0
tests=BAYES_20,HAS_PACKAGE
version=2.53-bugs.debian.org_2003_07_20
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp)
Package: www.debian.org
Version: unavailable; reported 2003-08-04
Severity: wishlist
On the keysigning page in the "What you should not do"
section it would be useful to mention that the signed key
should be sent to the key's owner and not immediately
uploaded to a public keyserver. This is implied by the
procedure described earlier, but not with crystal clarity,
and indeed I have been to keysignings where uploading
signatures to keyservers was considered routine.
The reason for this restriction is that one usually signs
a key after a person presents ID that links his face with
his name and a fingerprint-printout that links his name
with his key. Assume that the ID is trustworthy and the
face matches the picture on the ID so that the face-name
link is proven. One is prepared to sign the key to say
that this person claims this key. However, the key also
lists an email address and unless something further is
done there is nothing to prove that this person owns this
email address (except perhaps for the fact that the
person is present, if the occasion is a keysigning that
was arranged by private email). It adds to the security
of the process if the signature is emailed to that address.
It will then only be uploaded if and only if the person in
question really owns that address. If the address actually
belongs to someone else then she will not upload the key
but will probably make inquiries into who is claiming to
own her email address.
If my thinking is muddled here, please let me know.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux thanatos 2.4.21 #3 Wed Jun 18 21:35:52 CEST 2003 i686
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro
---------------------------------------
Received: (at 204038-done) by bugs.debian.org; 17 Aug 2003 12:18:59 +0000
>From jdthood@yahoo.co.uk Sun Aug 17 07:18:43 2003
Return-path: <jdthood@yahoo.co.uk>
Received: from mars.mj.nl [81.91.1.49]
by master.debian.org with smtp (Exim 3.35 1 (Debian))
id 19oMUa-00071D-00; Sun, 17 Aug 2003 07:18:40 -0500
Received: (qmail 23106 invoked from network); 17 Aug 2003 12:18:40 -0000
Received: from 81-91-5-95-customer.mjdsl.nl (HELO thanatos.localdomain) (81.91.5.95)
by www.mj.nl with SMTP; 17 Aug 2003 12:18:40 -0000
Received: from thanatos (thanatos [127.0.0.1])
by thanatos.localdomain (Postfix) with ESMTP id 0896710D657
for <204038-done@bugs.debian.org>; Sun, 17 Aug 2003 14:18:00 +0200 (CEST)
Subject: No change needed
From: Thomas Hood <jdthood@yahoo.co.uk>
To: 204038-done@bugs.debian.org
Content-Type: text/plain
Message-Id: <1061122678.25701.90.camel@thanatos>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.4
Date: Sun, 17 Aug 2003 14:17:59 +0200
Content-Transfer-Encoding: 7bit
Delivered-To: 204038-done@bugs.debian.org
X-Spam-Status: No, hits=2.0 required=4.0
tests=PENISACCENT,USER_AGENT_XIMIAN
version=2.53-bugs.debian.org_2003_8_15
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_15 (1.174.2.15-2003-03-30-exp)
Here is another way of thinking of this.
The signature testifies to the claim, not to the "soundness"
of the claim -- it does not testify to the claimaint's
actually having a private key corresponding to the public
key (she may have lost it) or to her being able to receive
mail at the listed e-mail address. The trust system excludes
the use of keys for which their are no witnessed claims and
thus safeguards against the use of "false" keys.
(One can still disseminate a false key for someone
by impersonating her -- which is rather easy if she happens
to have the same name as oneself.) It does not exclude the
use of keys which contain incorrect information about the
named person. It is up to the person who looks up a key by
searching on such information to make sure that the name on
the key found is the name he is really looking for.
If this is how signatures are to be interpreted then there
is no need to take the precautions I suggested earlier.
Reply to: