On 12 August 2013 11:13, Glenn McIntosh wrote:

I have come across one person who prefers to upload the signatures to the public keyserver themselves, because they are particular about sanitizing the signature set (such as rejecting ones that rely on SHA1 instead of SHA512).

Note you really have to send to key to the person, using the email address on the key you signed, and then get them to publish the key. Otherwise, how can you be sure that the email address you just signed is correct? -- Brian May

Brian May writes:

Otherwise, how can you be sure that the email address you just signed is correct?

You don't need to know that it's correct. The purpose of your signature is not to say “this is a correct email address”, since that can change at any point in the future. Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”. You're recording a historical fact, true for a point in time, not guaranteeing that any particular thing will work in future. -- \ “Beware of bugs in the above code; I have only proved it | `\ correct, not tried it.” —Donald Knuth, 1977-03-29 | _o__) | Ben Finney

Glenn McIntosh writes:

On 12/08/13 15:49, Ben Finney wrote:

...

Rather, the purpose of your signature is to say “I met this person, verified they are who they say they are, and this person tells me this is their email address and public key”.

I don't think of it that way; when I sign GPG keys, I am signing each uid separately. Some uids contain an email address for that person, and I'd like to know that the address is actually connected to them when I sign it. Just as there might be another uid that is a photo, and signing it means that I recognize the photo to be of that person.

Yes, that's what your signature means. But “this email address is connected with this person” is satisfied by “this person told me this email address identifies them”. If you're expecting a signature to mean “I have verified this email address delivers mail to this person”, you're going to be disappointed since that's not what it's meant to imply :-) -- \ “Odious ideas are not entitled to hide from criticism behind | `\ the human shield of their believers' feelings.” —Richard | _o__) Stallman | Ben Finney

On 12 August 2013 18:16, Adam Bolte wrote:

This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.

Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does. So I could get people to sign my key as: Brian May It matches my passport. It looks right. It must be ok, right? The fact this email address may not be valid doesn't matter (and is probably better that way). I now can impersonate Brian May[2], and ensure he gets blamed for all my evil doings. Just as he could have a certificate signed with my email address, and pretend to be me. Sure, he won't get the emails, but can still do a lot of damage. [1] Almost always anyway. Sometimes email addresses can be reassigned however (IIRC Yahoo or somebody was doing this). [2] hint: http://www.brianmay.com/ - it isn't me! -- Brian May

On 13 August 2013 10:39, Aníbal Monsalve Salazar wrote:

And not only that. If caff is used, the gpg signauture will be sent encrypted and the owner of the email address has to have the secret key to open the encrypted signature.

Good point. For that matter, would anyone here object to signing the following key for me? If so, why? If not, why not? Brian Mays Do a Google search, if lucky you may find that I use to be responsible for PCMCIA in Debian, but run out of time, so now other people have taken over. Yes, I am definitely a Debian developer too. That email address is a valid email address too (Google can prove this). Most people signing wouldn't bother checking details like this with Google. -- Brian May

On Tue, Aug 13, 2013 at 10:24 AM, Brian May wrote:

On 12 August 2013 18:16, Adam Bolte wrote:

...

This is a really good point. I'm not sure which side of the fence is best, but I feel that we should quickly discuss this point on Thursday if time permits.

Problem is that the name of the person doesn't uniquely identify the person. The email [1] address does.

[etc] I'm lost, maybe somebody can enlighten me. The "Web of trust" entry in wikipedia says: "a *web of trust* is a concept used in PGPhttps://en.wikipedia.org/wiki/Pretty_Good_Privacy, GnuPG https://en.wikipedia.org/wiki/GNU_Privacy_Guard, and other OpenPGPhttps://en.wikipedia.org/wiki/OpenPGP-compatible systems to establish the authenticity of the binding between a public key and *its owner*" Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner? E.g. assume that someone is involved in a OSS project under a pseudonym and very few contributors inside the project actually know the person under that pseudonym (even more, say none outside the project know the actual person). Now, that person would like to have that* pseudonym* trusted by all the project members and outside the project's contributors circle, but *without disclosing to real person identity*. Let's assume the presence at the "signing party" of one "trusted member of the web of trust" that can vouch for the one the "known by pseudonym only" participant. How does it work? Can the public key for the pseudonymous participant be "certified as trusted" at that signing party? (rephrasing the question: is a signing party a method good enough to establish a trust relationship in a "pseudonymous persona"? If not, why?) Adrian

You seem to suggest that an email address is as best an ID as there could be. My question: why is there a need for any other ID that's different from the public key? I.e.: the "sufficient certification" should actually be "We, the signers of this public key, certifies this public key belongs to a person we trust"? (and, of course, refuse to sign a key for any person they don't actually trust, no matter the govt issued ID-es or anything else). Why would one need to ask something in addition (impose extra requirements that don't add much to the "trust relationship"?) Maybe I'm wrong, but starting from a certified public key (and the dual ownership of the private one), the owner can use it to "self-sign" any other pairs for the email addresses of the various personas (or servers that she sets up, or public keys owned by other person that she trusts). Is it not so? Adrian On Tue, Aug 13, 2013 at 3:56 PM, Brian May wrote:

On 13 August 2013 15:38, Adrian Colomitchi wrote:

...

Now, my question: what an email address has to do with the identity of the owner? By the same measure, what the "full person name" or any other "govt/authority emitted ID" have to do with the identity of the owner?

I have the same problem. I don't think the govt/authority emitted ID means anything really. Different people can share the same name, so it doesn't uniquely identify the person. Furthermore I think I can change my legal name and have it be the same as some other person.

The good thing about email addresses is generally they are not shared and they are not reused. So it becomes a good way of identifying people.

e.g. this is what git uses to identify authors.

Of course, this isn't perfect. "Not reused" is not guaranteed. I use to make work related git commits using my work email address, however if I left my current job they are free to reuse my email address (they say they won't and it is unlikely to be an actual issue). So all my git commits would now belong to somebody else. I can't change these either, without rewriting the entire git history for these projects. So now I use my personal email address which I know will last.

Both names and email addresses can change. Which is a problem, however this doesn't necessarily invalidate the old id. -- Brian May _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au

http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-m...

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Ah, I get it now. Key signing is one way of certifying identity. Identity *may* be a contributing factor in trust, but establishing a "Web of trust" is not the primary objective of the key signing parties. Thanks, Adrian On Tue, Aug 13, 2013 at 4:56 PM, Ben Finney < ben+freesoftware@benfinney.id.au> wrote:

Adrian Colomitchi writes:

...

My question: why is there a need for any other ID that's different from the public key?

The entire purpose of a keysigning party is to gather *independent verification* that the key ID is correctly associated with that person.

This is why we ask for identifiers that are independent of the web of trust, and why we require the person to assert in our presence that the key is theirs, and why we prefer identifiers that tend to be easily verified and issued by well-known bodies to individual persons by a verifiable process.

It is also why no-one needs to sign any key in the presence of anyone else. It's entirely up to the signer whether they are satisfied with the key-holder's identity, and they can wait until after the party to sign or not.

...

I.e.: the "sufficient certification" should actually be "We, the signers of this public key, certifies this public key belongs to a person we trust"?

A keysigning party is designed to make it easier for people who may not have sufficient people in close proximity who trust merely their word, to meet many people at the same time and make worthwhile their efforts to present verification of identity.

...

(and, of course, refuse to sign a key for any person they don't actually trust, no matter the govt issued ID-es or anything else).

You don't have to trust a person in order to sign their key. You are not asserting trust; that's entirely your business, and you never need to disclose it.

Rather, your signature on a key says *only* that you have verified the person's identity and the person tells you this key is controlled by them.

...

Why would one need to ask something in addition (impose extra requirements that don't add much to the "trust relationship"?)

Key signatures are about asserting identity, not about trust. Trust depends on reliable identity, but is not the same thing.

GnuPG maintains an entirely separate database for trust (specifically, your level of trust that the key-holder can competently manage their key and signatures) – and it is entirely private to you.

-- \ “It's dangerous to be right when the government is wrong.” | `\ —Francois Marie Arouet Voltaire | _o__) | Ben Finney

_______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au

http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-m...

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Thanks for all the clarifications you've made, Ben. Its added a little clarity. About identification being hard, do many people embed photographs, or scans of their identity documents, within their pubkey, ie as discussed here? http://superuser.com/questions/336894/how-can-i-add-my-picture-to-my-public-... It seems like being a good way to prove to people who have met you that your public key identifies you.