Re: protecting pub-keys from unwanted signatures
Hi

On Monday 17 August 2015 at 12:27:10 AM, in mid:55d11c4e.1010...@unseen.is, Administrador wrote:

> For me there is no trust in the fact that anyone can sign my key and put it on a keyserver, and because I do not know the person who did can not validate their signature/identity.

For the time being, forget keys and think about people in the real world. Do you know the name of everybody who knows your name? Do you know the name of anybody who does not know your name?

> What trust does this offer the people who are real, trusted and known by me and whose keys have been validated by me and my key(s) by them?

None: if you know each other and have verified each other's keys, you do not need a certification from anybody else. In that case all signatures are just noise.

What about somebody who has not verified your key, but has verified one or more of the keys that have signed your key? They can use the presence of those signatures as a factor in deciding whether to trust your key. In that case, signatures from keys that person has verified are useful _to_that_person_ but any other signatures are noise _to_that_person_. The signatures that have been found useful in this case won't necessarily be signatures from keys that you have verified, but their presence may have enabled somebody to decide to trust your key.

> Give the owner the authority of his own public key and this issue would be fixed. For example: Only the owner of the public key has the right to put/remove/modify his own public key on a keyserver.

If such a server were implemented, anybody wanting to add a signature without the key-owner's sanction could fetch the key, sign it, and upload it to an ordinary server.

--
Best regards
MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net
Free advice costs nothing until you act upon it

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: protecting pub-keys from unwanted signatures
For me there is no trust in the fact that anyone can sign my key and put it on a keyserver, and because I do not know the person who did can not validate their signature/identity.

What trust does this offer the people who are real, trusted and known by me and whose keys have been validated by me and my key(s) by them?

Give the owner the authority of his own public key and this issue would be fixed. For example: Only the owner of the public key has the right to put/remove/modify his own public key on a keyserver.

Schlacta, Christ:

> On Aug 16, 2015 2:27 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
>
>>> What other people do says nothing about me, and everything about them.
>>
>> Except that 99% of people who see that signature will think you have an association with white supremacists. Should they? No. Will they? Yes.
>
> People are stupid. Not necessarily any individual person, but people at large are.
>
>> The average person doesn't have a formal/mathematical model of trust and what it means. They have a loose, poorly-specified understanding, like only sign certificates of people you know well. This leads them to thinking, well, this white supremacist group must know Chris well. That's a false inference, but it's one a *large* number of people draw.
>>
>>> On popular keys, such as Facebook's, or any other public figure, there are going to accumulate signatures that aren't a part of anybody's Web of Trust. Until such time that these signatures can constitute a genuine threat to the Web of Trust, they're irrelevant.
>>
>> So you're now changing your statement: signatures *don't* always strengthen the WoT -- a large number of them are irrelevant. This is much closer to reality.
>
> If you rounded up all the signatures on a key server, and just started deleting them at random, any given deletion is significantly more likely to weaken the Web of Trust than to make no change, therefore, mathematically, every signature strengthens the WoT on average.
>
> Let's assign a value of 0 to every irrelevant signature, and a value of 1 to every relevant signature. The total strength of the Web is the sum of the keys in the Web. Then the expected value of any given key's deletion is in fact a negative value greater than 0, and if we rebuild the Web from those signatures, the addition of any key has an expected value greater than 0, therefore, every key strengthens the Web

--
administrador.
aut viam inveniam aut faciam
GPG KEY: 0CA6758D CA89F37F 49AE9799 D8D493A8 1CB8EEC8

Re: protecting pub-keys from unwanted signatures
On 16/08/2015 18:04, Einar Ryeng wrote:

> Is there any other problem arising from someone signing your key without permission?

The only problem I see is that you can easily get associated with the wrong people. Like what happened here in Italy with Fidobust (about 25 years ago): some pirates' phone lines were being tapped, and since they connected to Fidonet BBSs, those got tapped too... then their lines were tapped and the other nodes they connected to became suspects and so on. As a result, a lot of people have had their bedrooms (where they kept the BBS PC) locked for the YEARS needed by justice to do its work.

That's why my skin crawls when Robert J Hansen says

> Except that 99% of people who see that signature will think you have an association with white supremacists. Should they? No. Will they? Yes.

Especially if one of those is a judge. When the average person has to pay for a lawyer, (s)he has already lost.

BYtE,
Diego

protecting pub-keys from unwanted signatures
Hello Werner and all,

after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.

As an example: Bob likes to sign Alice's pub key and issues the sign key command, but instead of signing the key directly GnuPG would create a Signature Request Certificate which Alice reads and verifies in GnuPG, thus allowing her to add Bob's signature to her key. This mechanism, or a similar one would protect Alice's key from unwanted signatures.

Best regards
Stefan

Re: protecting pub-keys from unwanted signatures
Hi

On Sunday 16 August 2015 at 9:10:28 AM, in mid:20150816081028.ga26...@zwiebelfreund.de, Stefan Claas wrote:

> after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.

If GnuPG were modified in this way the key could still be signed using an old GnuPG version, or any other OpenPGP application.

I guess a modification would be possible that allowed a GnuPG user to sign acceptance or rejection over a third-party signature, but I'm not convinced there would be any point. Firstly, would such acceptance or rejection be dropped by the keyservers? Secondly, any signature on a key is only meaningful if you recognise (or have a trust path to) the key that made that signature; the rest is meaningless background noise that disappears if you use keyserver-options import-clean in your gpg.conf or on your command line. (My local copy of Facebook's public key has only self-signatures, and refreshing from a keyserver does not change this).

> As an example: Bob likes to sign Alice's pub key and issues the sign key command, but instead of signing the key directly GnuPG would create a Signature Request Certificate which Alice reads and verifies in GnuPG, thus allowing her to add Bob's signature to her key. This mechanism, or a similar one would protect Alice's key from unwanted signatures.

Or Alice could simply host a clean copy of her key without the unwanted signatures on her website, Biglumber, an email auto-responder, etc.

--
Best regards
MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net
The One with The Answer is seldom asked The Question

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 12:15:03PM +0100, MFPA wrote:

> Hi
>
> On Sunday 16 August 2015 at 9:10:28 AM, in mid:20150816081028.ga26...@zwiebelfreund.de, Stefan Claas wrote:
>
>> after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.
>
> If GnuPG were modified in this way the key could still be signed using an old GnuPG version, or any other OpenPGP application.
>
> I guess a modification would be possible that allowed a GnuPG user to sign acceptance or rejection over a third-party signature, but I'm not convinced there would be any point. Firstly, would such acceptance or rejection be dropped by the keyservers? Secondly, any signature on a key is only meaningful if you recognise (or have a trust path to) the key that made that signature; the rest is meaningless background noise that disappears if you use keyserver-options import-clean in your gpg.conf or on your command line. (My local copy of Facebook's public key has only self-signatures, and refreshing from a keyserver does not change this).
>
>> As an example: Bob likes to sign Alice's pub key and issues the sign key command, but instead of signing the key directly GnuPG would create a Signature Request Certificate which Alice reads and verifies in GnuPG, thus allowing her to add Bob's signature to her key. This mechanism, or a similar one would protect Alice's key from unwanted signatures.
>
> Or Alice could simply host a clean copy of her key without the unwanted signatures on her website, Biglumber, an email auto-responder, etc.
>
> --
> Best regards
> MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net
> The One with The Answer is seldom asked The Question

Thanks for your reply, all valid points. However if my proposal would result in an enhanced OpenPGP file format older versions could not sign such keys, while a newer version could read older or legacy file formats. Same as with other software applications. Current key servers would not be able to read/store such enhanced format and needed to be updated too.

Regards
Stefan

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 4:15 AM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote:

> Hi
>
> On Sunday 16 August 2015 at 9:10:28 AM, in mid:20150816081028.ga26...@zwiebelfreund.de, Stefan Claas wrote:
>
>> after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.
>
> If GnuPG were modified in this way the key could still be signed using an old GnuPG version, or any other OpenPGP application.
>
> I guess a modification would be possible that allowed a GnuPG user to sign acceptance or rejection over a third-party signature, but I'm not convinced there would be any point. Firstly, would such acceptance or rejection be dropped by the keyservers?
>
> snip

No, the keyserver pool does not reject any signatures, even if the signature itself is invalid. When you receive a public key from the keyserver pool it's the job of the client to clean/reject invalid or unknown signatures.

I've argued a bit that keyservers should start to play a role in policing the pool, but it's a controversial topic.

https://lists.gnu.org/archive/html/sks-devel/2015-05/msg00022.html

Unfortunately, that leads to trolls tagging notable public keys (such as Facebook and Adrian Lamo) with unseemly material, but these will just be ignored by gpg when you fetch that public key.

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 05:31:10PM +0200, Viktor Dick wrote:

> On 16.08.2015 16:26, Stefan Claas wrote:
>
>> if i understand you correctly it would not help me if someone would sign my key without my approval, so to speak.
>
> Sure it helps. If Alice signs my key and Bob wants to send me something and trusts Alice, he can derive some trust that my key is also genuine. One could argue that anyone who I do not know and who anyhow signs my key will probably not be (rightfully) trusted by anyone. However, some magazines (I'm thinking of c't) for example might put their fingerprint on each issue and someone who buys it might sign their key so that some friend of theirs who has not direct access to that can still be somehow sure that the key is correct.

Ok, i understand but it helps not to solve the issue of unwanted signatures, which i'm talking about.

> I haven't looked at Facebook's public key, but let's assume that I want to send them an e-mail and tell my client 'get the key of i...@facebook.com'. It will download the key with a lot of signatures, some of which might be owned by someone in my web of trust. This person has probably just checked that the fingerprint given on their webpage matches the one of this particular key, but then that's something I do not need to check myself. (Not sure if that should be enough to sign a key, though...)
>
> Kind regards
> Viktor

Here's as an example the Facebook pub key:

https://pgp.mit.edu/pks/lookup?search=facebook+Inc&op=vindex

Should GnuPG now be enhanced, or the key servers be updated, similar to the pgp.com one, in order not to allow such things in the future?

Regards
Stefan

Re: protecting pub-keys from unwanted signatures
On 8/16/2015 at 12:34 PM, Stefan Claas ad...@zwiebelfreund.de wrote:

> Should GnuPG now be enhanced, or the key servers be updated, similar to the pgp.com one, in order not to allow such things in the future?

=

It would be very helpful if such a protection against unwanted key signatures could be instituted.

Here is a possible suggestion on how it might be done:

[1] Have GnuPG require a 'cross-certification' of signatures, similar to the cross-certification of subkeys.

[2] Have GnuPG give a message upon importing a public key, that Signatures from keyid's [...], [], and [...] have not been cross-certified by their owner, Clean these signatures, y / n ?

(Alternatively, the default could be: These signatures will be removed. If you want to keep them, enter 'keep-sig' , and then each new sig would be displayed, and if the importer wants the sig, the importer would need to enter 'keep-sig' for each sig individually.)

This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want. It would also be a bit of work for the owners to cross-certify all the 'good' signatures they were happy to get.

Just a suggestion. The implementers can best decide how much extra work this would require, and if there is a simpler better way to accomplish the desired result.

vedaal

Re: protecting pub-keys from unwanted signatures
reflum,

On Sun, 2015-08-16 at 10:10 +0200, Stefan Claas wrote:

> Hello Werner and all,
>
> after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.

Maybe you can explain your use case a bit.

Think about this: You can easily create a little document with the fingerprint of the key you want to sign, timestamp, maybe other notions and sign that. Then you can publish this document. In fact the signature on a key is very similar to such a document. Just that it has a machine readable structure.

--
Philipp. (Rah of PH2)

Re: protecting pub-keys from unwanted signatures
On 16.08.2015 16:26, Stefan Claas wrote:

> if i understand you correctly it would not help me if someone would sign my key without my approval, so to speak.

Sure it helps. If Alice signs my key and Bob wants to send me something and trusts Alice, he can derive some trust that my key is also genuine. One could argue that anyone who I do not know and who anyhow signs my key will probably not be (rightfully) trusted by anyone. However, some magazines (I'm thinking of c't) for example might put their fingerprint on each issue and someone who buys it might sign their key so that some friend of theirs who has not direct access to that can still be somehow sure that the key is correct.

I haven't looked at Facebook's public key, but let's assume that I want to send them an e-mail and tell my client 'get the key of i...@facebook.com'. It will download the key with a lot of signatures, some of which might be owned by someone in my web of trust. This person has probably just checked that the fingerprint given on their webpage matches the one of this particular key, but then that's something I do not need to check myself. (Not sure if that should be enough to sign a key, though...)

Kind regards
Viktor

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 11:18:20AM +, Philipp Schafft wrote:

> reflum,
>
> On Sun, 2015-08-16 at 10:10 +0200, Stefan Claas wrote:
>
>> Hello Werner and all,
>>
>> after seeing Facebook's public key a couple of days ago, i was wondering if it's possible to enhance GnuPG in a future version, so that it no longer allows someone to sign a public key without approval of the owner.
>
> Maybe you can explain your use case a bit.
>
> Think about this: You can easily create a little document with the fingerprint of the key you want to sign, timestamp, maybe other notions and sign that. Then you can publish this document. In fact the signature on a key is very similar to such a document. Just that it has a machine readable structure.
>
> --
> Philipp. (Rah of PH2)

if i understand you correctly it would not help me if someone would sign my key without my approval, so to speak.

What i meant with my initial post was that it should in the future not be possible to sign someone's pub key directly, to prevent unwanted signatures. Sure one can revoke his/her pub key, but how often would you like to do that if a prankster has lots of energy?

I also forgot to mention in my first post that it would also require that Alice has to enter her secret key passphrase to authorize Bob's Signature Request Certificate, after validating Bob's request cert.

I think it would be a welcome addition for a future version of GnuPG.

Regards
Stefan

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 04:26:16PM +0200, Stefan Claas wrote:

> What i meant with my initial post was that it should in the future not be possible to sign someone's pub key directly, to prevent unwanted signatures. Sure one can revoke his/her pub key, but how often would you like to do that if a prankster has lots of energy?

What harm do you see in fake signatures?

There is a possibility of someone making your key excessively large to download by adding tons of signatures to it. If that happens, the correct place to fix it is probably the keyserver code. Your signed signatures proposal would not inherently eliminate this problem; Alice would still need to make a signature on Bob's key and upload it to the server in order to allow Bob to download and sign the signature.

Is there any other problem arising from someone signing your key without permission?

If you only want this for decluttering purposes, you will probably achieve something similar by only looking at mutually signed keys. It won't be exactly the same, because the keys then have signed each other directly rather than each other's signature packets, but depending on your problem it may do the job for you.

--
Einar Ryeng

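An added illustration, not part of any message in this thread and not GnuPG code: a small Python model of the two filters discussed so far, the import-time cleaning MFPA describes (certifications from keys the importer does not hold are dropped from the local copy) and Einar Ryeng's "mutually signed keys" view. The key IDs, class names and function names are hypothetical, the data is constructed, and real OpenPGP packet handling and signature verification are not modelled.

```python
"""Toy model of certification filtering (constructed data, no packet parsing)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Certification:
    issuer: str  # key ID of the key that made the signature
    target: str  # key ID of the key the signature is attached to


@dataclass
class PublicKey:
    key_id: str
    certifications: list = field(default_factory=list)  # signatures carried by this key


def clean_on_import(key, local_keyring):
    """Simplified model of the import-time cleaning described in the thread:
    keep self-signatures and certifications whose issuer the importer already
    holds; drop the rest from the importer's local copy only."""
    usable = set(local_keyring) | {key.key_id}
    kept = [c for c in key.certifications if c.issuer in usable]
    return PublicKey(key.key_id, kept)


def mutually_signed(key, keyserver):
    """Issuers that certified `key` and were certified by `key` in return."""
    mutual = set()
    for cert in key.certifications:
        if cert.issuer == key.key_id:
            continue  # a self-signature is not a third-party certification
        other = keyserver.get(cert.issuer)
        if other and any(back.issuer == key.key_id for back in other.certifications):
            mutual.add(cert.issuer)
    return sorted(mutual)


def build_sample_keyserver():
    """Constructed sample: ALICE carries five signatures, two from unknown keys."""
    def key(key_id, *issuers):
        return PublicKey(key_id, [Certification(i, key_id) for i in issuers])

    keys = [
        key("ALICE", "ALICE", "BOB", "CAROL", "PRANK1", "PRANK2"),
        key("BOB", "BOB", "ALICE"),   # Alice signed Bob back: mutual
        key("CAROL", "CAROL"),        # Carol signed Alice; Alice never signed Carol
        key("PRANK1", "PRANK1"),
        key("PRANK2", "PRANK2"),
    ]
    return {k.key_id: k for k in keys}


def issuers(key):
    """Issuer key IDs of the signatures on `key`, in stored order."""
    return [c.issuer for c in key.certifications]


if __name__ == "__main__":
    server = build_sample_keyserver()
    alice = server["ALICE"]
    # An importer who holds Carol's key (but not Bob's) keeps Carol's signature.
    print("importer holding CAROL:", issuers(clean_on_import(alice, {"CAROL", "DAVE"})))
    # An importer holding none of the signers ends up with self-signatures only.
    print("importer holding nobody:", issuers(clean_on_import(alice, set())))
    # The key owner's mutual view is a different set again.
    print("mutually signed with ALICE:", mutually_signed(alice, server))
    # The copy on the keyserver is untouched by either filter.
    print("still on the keyserver:", issuers(alice))
```

The importer's filter and the owner's mutual view select different signatures from the same key, and neither changes what the keyserver stores.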
Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 06:04:38PM +0200, Einar Ryeng wrote:

> On Sun, Aug 16, 2015 at 04:26:16PM +0200, Stefan Claas wrote:
>
>> What i meant with my initial post was that it should in the future not be possible to sign someone's pub key directly, to prevent unwanted signatures. Sure one can revoke his/her pub key, but how often would you like to do that if a prankster has lots of energy?
>
> What harm do you see in fake signatures?
>
> There is a possibility of someone making your key excessively large to download by adding tons of signatures to it. If that happens, the correct place to fix it is probably the keyserver code. Your signed signatures proposal would not inherently eliminate this problem; Alice would still need to make a signature on Bob's key and upload it to the server in order to allow Bob to download and sign the signature.
>
> Is there any other problem arising from someone signing your key without permission?
>
> If you only want this for decluttering purposes, you will probably achieve something similar by only looking at mutually signed keys. It won't be exactly the same, because the keys then have signed each other directly rather than each other's signature packets, but depending on your problem it may do the job for you.
>
> --
> Einar Ryeng

Hi,

what harm do i see with fake signatures or signatures without permission? Well, i think everybody here or elsewhere can imagine by themselves how happy one would be to receive unwanted signatures, depending on the content...

Regards
Stefan

Re: protecting pub-keys from unwanted signatures
Hi

On Sunday 16 August 2015 at 6:15:16 PM, in mid:20150816171516.9276343...@smtp.hushmail.com, ved...@nym.hush.com wrote:

> This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want.

Why bother periodically checking? If somebody doesn't have the courtesy to send the signature to the key owner rather than publishing it themselves, they shouldn't expect the key owner to cross-certify it.

> The implementers can best decide how much extra work this would require, and if there is a simpler better way to accomplish the desired result.

The keyserver no-modify flag was simple. But it didn't achieve the desired result.

--
Best regards
MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net
The second mouse gets the cheese

Re: protecting pub-keys from unwanted signatures
> People are stupid. Not necessarily any individual person, but people at large are.

https://xkcd.com/1386/

> If you rounded up all the signatures on a key server, and just started deleting them at random, any given deletion is significantly more likely to weaken the Web of Trust than to make no change, therefore, mathematically, every signature strengthens the WoT on average.

This is quickly becoming tendentious.

Re: protecting pub-keys from unwanted signatures
I'll reiterate that there's really no such thing as unwanted signatures. The more signatures on a key, the stronger the Web of Trust. End of story. Please try to understand that no signature is inherently unwanted. Your proposal, in any form, would weaken gpg on the whole by increasing the already high burden on users to maintain their keys.

On Aug 16, 2015 10:16 AM, ved...@nym.hush.com wrote:

> On 8/16/2015 at 12:34 PM, Stefan Claas ad...@zwiebelfreund.de wrote:
>
>> Should GnuPG now be enhanced, or the key servers be updated, similar to the pgp.com one, in order not to allow such things in the future?
>
> =
>
> It would be very helpful if such a protection against unwanted key signatures could be instituted.
>
> Here is a possible suggestion on how it might be done:
>
> [1] Have GnuPG require a 'cross-certification' of signatures, similar to the cross-certification of subkeys.
>
> [2] Have GnuPG give a message upon importing a public key, that Signatures from keyid's [...], [], and [...] have not been cross-certified by their owner, Clean these signatures, y / n ?
>
> (Alternatively, the default could be: These signatures will be removed. If you want to keep them, enter 'keep-sig' , and then each new sig would be displayed, and if the importer wants the sig, the importer would need to enter 'keep-sig' for each sig individually.)
>
> This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want. It would also be a bit of work for the owners to cross-certify all the 'good' signatures they were happy to get.
>
> Just a suggestion. The implementers can best decide how much extra work this would require, and if there is a simpler better way to accomplish the desired result.
>
> vedaal

Re: protecting pub-keys from unwanted signatures
On Sun, Aug 16, 2015 at 11:24:38AM -0700, Schlacta, Christ wrote:

> I'll reiterate that there's really no such thing as unwanted signatures. The more signatures on a key, the stronger the Web of Trust. End of story. Please try to understand that no signature is inherently unwanted. Your proposal, in any form, would weaken gpg on the whole by increasing the already high burden on users to maintain their keys.

With all due respect, but why should a GnuPG user not be allowed to decide by him/herself which signatures he/she likes to have on his/her pub key? I don't get it, seriously.

BTW. maybe a language barrier, but an unwanted signature for me is a signature which contains crap or false content which does not help the Web of Trust in any way and which i or others don't like to see on our public keys.

P.S. last post for today, getting late here.

Regards
Stefan

Re: protecting pub-keys from unwanted signatures
> I'll reiterate that there's really no such thing as unwanted signatures.

No? So you'd be fine if someone generated a fake certificate belonging to White Power Action Network w...@stormfront.org and added a signature to your certificate from it?

There are definitely such things as unwanted signatures.

> The more signatures on a key, the stronger the Web of Trust. End of story.

No. This isn't even in the same postal code as reality. More signatures from *real people* may result in a better WoT; more signatures, period, or signatures from fake identities, really don't add anything.

Re: protecting pub-keys from unwanted signatures
On Aug 16, 2015 2:27 PM, Robert J. Hansen r...@sixdemonbag.org wrote:

>> What other people do says nothing about me, and everything about them.
>
> Except that 99% of people who see that signature will think you have an association with white supremacists. Should they? No. Will they? Yes.

People are stupid. Not necessarily any individual person, but people at large are.

> The average person doesn't have a formal/mathematical model of trust and what it means. They have a loose, poorly-specified understanding, like only sign certificates of people you know well. This leads them to thinking, well, this white supremacist group must know Chris well. That's a false inference, but it's one a *large* number of people draw.
>
>> On popular keys, such as Facebook's, or any other public figure, there are going to accumulate signatures that aren't a part of anybody's Web of Trust. Until such time that these signatures can constitute a genuine threat to the Web of Trust, they're irrelevant.
>
> So you're now changing your statement: signatures *don't* always strengthen the WoT -- a large number of them are irrelevant. This is much closer to reality.

If you rounded up all the signatures on a key server, and just started deleting them at random, any given deletion is significantly more likely to weaken the Web of Trust than to make no change, therefore, mathematically, every signature strengthens the WoT on average.

Let's assign a value of 0 to every irrelevant signature, and a value of 1 to every relevant signature. The total strength of the Web is the sum of the keys in the Web. Then the expected value of any given key's deletion is in fact a negative value greater than 0, and if we rebuild the Web from those signatures, the addition of any key has an expected value greater than 0, therefore, every key strengthens the Web

Re: protecting pub-keys from unwanted signatures
> What other people do says nothing about me, and everything about them.

Except that 99% of people who see that signature will think you have an association with white supremacists. Should they? No. Will they? Yes.

The average person doesn't have a formal/mathematical model of trust and what it means. They have a loose, poorly-specified understanding, like only sign certificates of people you know well. This leads them to thinking, well, this white supremacist group must know Chris well. That's a false inference, but it's one a *large* number of people draw.

> On popular keys, such as Facebook's, or any other public figure, there are going to accumulate signatures that aren't a part of anybody's Web of Trust. Until such time that these signatures can constitute a genuine threat to the Web of Trust, they're irrelevant.

So you're now changing your statement: signatures *don't* always strengthen the WoT -- a large number of them are irrelevant. This is much closer to reality.