On 07/11/13 20:19, Leo Gaspard wrote:
(I know, I'm slow to understand, but I think I'm OK no.)
Actually, I think the whole Web of Trust business is deceptively
complicated, even though at first glance it seems not to be.
So there's no need to be apologetic about it.
Peter.
--
I use the GNU
Leo Gaspard ekl...@gmail.com wrote:
However, to come back to the initial problem, I still believe the key
change
problem (ie. owner of K1 switchs to K2) does not require re-verifying
ownership
etc. (BTW, isn't this also why transition statements, like
Paul R. Ramer free10...@gmail.com wrote:
Stan Tobias st...@privatdemail.net wrote:
Yes, but by remote communication. The reasoning goes like this: The
signature is validated by my certificate (or, in case 2a, by my
friends'
whom I trust fully). The message is authenticated by X's valid
Paul R. Ramer free10...@gmail.com wrote:
On 11/05/2013 09:26 AM, Leo Gaspard wrote:
However, I think in this case (assuming there are no more UID on key 2 than
on
key 1), assertions are sufficient, *because* there are two assertions, one
in
both ways.
I mean :
* Owner of Key 1
On 06/11/13 23:28, Leo Gaspard wrote:
The fact that others could get just the same effect by twisting their WoT
parameters is not an issue to me. Firstly, because there are few trust
signatures (according to best practices I read, that said trust signatures
are mainly made for closed-system
On Thu, Nov 07, 2013 at 11:48:07AM +0100, Peter Lebbing wrote:
On 06/11/13 23:28, Leo Gaspard wrote:
But mostly because signing is an attestion of your belief someone is who
(s)he is. Thus, if you believe someone is who the UID states (s)he is as
much as if you met him/her in person and
On 2013-11-07 17:09, Leo Gaspard wrote:
If I understood correctly, the depth parameter you are talking about
is useless, except in case there are trust signature. And you agreed
with me for
them to be taken out of the equation.
Of course it's not useless. You seem to misunderstand the Web of
On 11/07/2013 11:09 AM, Leo Gaspard wrote:
Except they do not have to know X, nor that he makes perfectly reasonable
decisions in signing keys.
And I believe it's not noise. Let's make an example in the real world :
* I would entrust X with my life
* X would entrust Y with his life, without
On Thu, Nov 07, 2013 at 07:21:28PM +0100, Peter Lebbing wrote:
On 2013-11-07 17:09, Leo Gaspard wrote:
If I understood correctly, the depth parameter you are talking about
is useless, except in case there are trust signature. And you agreed with
me for
them to be taken out of the equation.
On Thu, Nov 07, 2013 at 01:40:22PM -0500, Daniel Kahn Gillmor wrote:
On 11/07/2013 11:09 AM, Leo Gaspard wrote:
Except they do not have to know X, nor that he makes perfectly reasonable
decisions in signing keys.
And I believe it's not noise. Let's make an example in the real world :
* I
On Thu, Nov 07, 2013 at 08:10:11PM +0100, Leo Gaspard wrote:
I'm sorry, I think I gave too much importance to your earlier statement
(Signing is to be an attestation to the validity of the key.) [...]
Sorry again, just noticed it actually wasn't you statement, but Paul's !
So, double
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 7 November 2013 at 7:10:11 PM, in
mid:20131107191011.GF470@leortable, Leo Gaspard wrote:
But I still wonder how one should deal with key
duplication (ie. owner of K1 now has a second key
K2)...
If the owner doesn't revoke one,
(Sorry, failed again to reply to the list, so you probably have this message
twice again.)
On Tue, Nov 05, 2013 at 05:32:38PM -0800, Paul R. Ramer wrote:
On Tuesday 5 November 2013 at 11:03:19 PM, in
mid:52797937.5090...@gmail.com, Paul R. Ramer wrote:
But if you sign it with an exportable
Leo Gaspard ekl...@gmail.com wrote:
You are right. Decryption is sufficient to demonstrate control of
the private key, because if he can decrypt, he can also sign. What I
said, decrypt and sign, was redundant.
Well... I still do not understand why decryption is sufficient to
demonstrate
On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote:
I don't know how I can explain it any better than I have. I think you are
confusing assertion with verification. Unless you can differentiate between
the two in this case, I don't think you will see what I am talking about.
On 11/05/2013 09:26 AM, Leo Gaspard wrote:
On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote:
I don't know how I can explain it any better than I have. I think you are
confusing assertion with verification. Unless you can differentiate between
the two in this case, I don't think
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Tuesday 5 November 2013 at 11:03:19 PM, in
mid:52797937.5090...@gmail.com, Paul R. Ramer wrote:
But if you sign it with an exportable
signature, you are saying to others that you have
verified the key.
In the absence of a published
On Tuesday 5 November 2013 at 11:03:19 PM, in
mid:52797937.5090...@gmail.com, Paul R. Ramer wrote:
But if you sign it with an exportable
signature, you are saying to others that you have
verified the key.
In the absence of a published keysigning policy, isn't that an
assumption?
Signing is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 3 November 2013 at 2:08:15 AM, in
mid:5275b00f.7030...@gmail.com, Paul R. Ramer wrote:
When you verify a key to sign you are verifying the following:
1) For each UID, that the name is correct and that the
purported owner has
On 11/04/2013 11:02 AM, MFPA wrote:
And as an aside, does it really make a difference to only sign some
UIDs and not others? Does GnuPG actually take account of which UIDs
are signed in its validity or trust calculations?
Yes, it does make a difference.
Let's say I make key X and attach to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 4 November 2013 at 4:52:02 PM, in
mid:5277d0b2.9040...@fifthhorseman.net, Daniel Kahn Gillmor wrote:
Yes, it does make a difference.
[snipped]
If you had certified both User IDs on my
key, gpg would be happy to encrypt the
MFPA expires2...@ymail.com wrote:
Why do we need to establish they can also sign? Isn't it enough to
demonstrate they control the email address and can decrypt, by signing
one UID at a time and sending that signed copy of the key in an
encrypted email to the address in that UID?
You are right.
On Mon, Nov 04, 2013 at 01:44:51PM -0800, Paul R. Ramer wrote:
MFPA expires2...@ymail.com wrote:
Why do we need to establish they can also sign? Isn't it enough to
demonstrate they control the email address and can decrypt, by signing
one UID at a time and sending that signed copy of the key
Stan Tobias st...@privatdemail.net wrote:
Yes, but by remote communication. The reasoning goes like this: The
signature is validated by my certificate (or, in case 2a, by my
friends'
whom I trust fully). The message is authenticated by X's valid
signature,
therefore the message has not been
On 11/02/2013 02:25 PM, Leo Gaspard wrote:
On Sat, Nov 02, 2013 at 11:02:57AM -0700, Paul R. Ramer wrote:
Stan Tobias st...@privatdemail.net wrote:
Yes, but by remote communication. The reasoning goes like this: The
signature is validated by my certificate (or, in case 2a, by my
friends'
(Sorry, I once again sent the message only to you and not to the list -- I
really need to get used to mailing lists, sorry !)
On Sat, Nov 02, 2013 at 07:08:15PM -0700, Paul R. Ramer wrote:
On 11/02/2013 02:25 PM, Leo Gaspard wrote:
Isn't the presence of a UID sufficient for this matter ?
No,
On 11/02/2013 07:34 PM, Leo Gaspard wrote:
Well...
1) Checked by the other key's message. Because signed (K1) message from
Alice,
saying she has access to K2, means any UID on K2 named Alice is as right
as
the equivalent UID on K1. So the UIDs are correct.
2) Checked by the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 28 October 2013 at 8:51:30 AM, in
mid:526e2592.vizyzhweghmqqhhk%st...@privatdemail.net, Stan Tobias
wrote:
I say it does not, because basing one's certification
on that of the notary is not [the same as] basing one's
Peter Lebbing pe...@digitalbrains.com wrote:
On 24/10/13 01:15, Stan Tobias wrote:
No, there's no paradox. Any liar will screw your parameters.
The paradox was very clear in my post where I still called it a dichotomy.
There
was a paradox in my thoughts and conclusions, why do you
On 13-10-22 04:57 PM, MFPA wrote:
Hi
Hi,
It appears you probably meant the communication with
bob@corporate.domain was the out-of-band channel by which you and
Bob told each other your OpenPGP key fingerprints, and that being able
to send emails from those corporate accounts also doubled as
On 24/10/13 01:15, Stan Tobias wrote:
No, there's no paradox. Any liar will screw your parameters.
The paradox was very clear in my post where I still called it a dichotomy. There
was a paradox in my thoughts and conclusions, why do you suddenly state there is
no paradox?
And my original
Peter Lebbing pe...@digitalbrains.com wrote:
On 24/10/13 01:15, Stan Tobias wrote:
, then why do we believe WoT authenticates anything? Why do we accept, for
example, a conversation by telephone to validate a key fingerprint?
Because these are verifications outside the Web of Trust.
Is
On 2013-10-24 19:27, Stan Tobias wrote:
Because these are verifications outside the Web of Trust.
Is that the only requirement?
*Sigh*. No, it's the other way around. The Web Of Trust should never be
a basis for your signature, because anyone else can simply trust the
people who already
Robert J. Hansen r...@sixdemonbag.org wrote:
On 10/22/2013 11:01 AM, Stan Tobias wrote:
That phrase, to a sufficient degree, is important. You cannot ever
verify someone's identity 100%, not even with DNA testing -- it's
always
possible they have an identical twin, always possible the lab work
Stan Tobias st...@privatdemail.net wrote:
Peter Lebbing pe...@digitalbrains.com wrote:
On 24/10/13 01:15, Stan Tobias wrote:
, then why do we believe WoT authenticates anything? Why do we
accept, for
example, a conversation by telephone to validate a key fingerprint?
Because these are
Robert J. Hansen r...@sixdemonbag.org wrote:
On 10/22/2013 11:01 AM, Stan Tobias wrote:
But this is not a real identification - almost none of us
has means to confirm an identity, which is a job for a detective.
[...]
As far as the U.S. Marshal was concerned, my identity had been proven
to
On 23/10/13 19:26, Stan Tobias wrote:
Later someone discussed a paradox (they used the word dichotomy,
but I think it's a wrong word here - maybe they wanted dissonance):
Paradox would be the best and is what I should have used. Not dissonance.
The paradox is removed when we realize that the
Peter Lebbing pe...@digitalbrains.com wrote:
On 23/10/13 19:26, Stan Tobias wrote:
The paradox is removed when we realize that the notary's signature is
not a statement about the identity of the person.
I strongly disagree. The paradox is created by the fact that you screw
up my Web of
Robert J. Hansen r...@sixdemonbag.org wrote:
In my proposed scenario, the corporation is doing nothing more than
providing a means for the participants to know that Bob is actually Bob
because the company has checked his id and said he is and providing an
authenticated means (again, IT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 17 October 2013 at 11:37:35 AM, in
mid:l3oel7$7ur$1...@ger.gmane.org, Brian J. Murrell wrote:
On 13-10-16 05:28 PM, MFPA wrote:
If the key was generated, stored, or used on the
company's computer, all bets are off regarding
On 10/22/2013 11:01 AM, Stan Tobias wrote:
But this is not a real identification - almost none of us
has means to confirm an identity, which is a job for a detective.
Last time I walked into a courthouse to speak with a judge the marshal
asked for my driver's license -- he checked the
Am Di 22.10.2013, 18:01:46 schrieb Robert J. Hansen:
certificate, you are making an assertion about identity: that, to a
level exceeding your threshold of certainty,
Even worse: exceeding your threshold of certainty in that moment
I am afraid this assessment changes for most users over time
On 18/10/13 22:26, Brian J. Murrell wrote:
Right. They key signing party relies on a means of communication that
can be considered authenticated. It could be e-mail (closed corporate
e-mail system, not an across the Internet e-mail) or it could be
credentials required (again, closed,
On Thu, Oct 17, 2013 at 01:54:54PM -0700, Robert J. Hansen wrote:
In my proposed scenario, the corporation is doing nothing more than
providing a means for the participants to know that Bob is actually Bob
because the company has checked his id and said he is and providing an
authenticated
On 18/10/13 08:41, Werewolf wrote:
Now what if the Company/HR department had a Notary public, for their
documents, and this same Notary had a gpg key he/she treated same his/her
stamp equipment, and used the same standards before signing a gpgkey?
Then you could simply sign the notary's key
On 18/10/13 11:37, Peter Lebbing wrote:
The moral: I think it is a really bad idea to sign keys because you trust
already made signatures. That's what your trust database is for, use that. You
should sign keys because you verified the identity *outside* the Web of Trust.
However, here an
On 10/18/2013 2:41 AM, Werewolf wrote:
Now what if the Company/HR department had a Notary public, for their
documents, and this same Notary had a gpg key he/she treated same
his/her stamp equipment, and used the same standards before signing a
gpgkey?
Forgive a nonanswer here, but this isn't
On 13-10-18 05:59 AM, Peter Lebbing wrote:
However, here an interesting dichotomy surfaces: the scenario the OP painted
was
that the HR person or notary did not use OpenPGP or key signatures, but that
you
still rely on the identity verification done by the HR person.
That's correct.
On 13-10-16 05:28 PM, MFPA wrote:
If the key was generated, stored, or used on the company's computer,
all bets are off regarding Bob being the only one with access to a
copy.
Why would it be? There is no reason, with this verification scheme that
anyone's private keys (or public keys for
On 17-10-2013 12:37, Brian J. Murrell wrote:
If the key was generated, stored, or used on the company's computer,
all bets are off regarding Bob being the only one with access to a
copy.
Why would it be? There is no reason, with this verification scheme that
anyone's private keys (or
On 13-10-17 09:07 AM, Johan Wevers wrote:
Yes there is: the practical point of using those keys. Why would a HR
department sign employees keys?
Look at my update to this thread yesterday. I already said in that
message that the HR department is NOT signing keys and that the
corporation in
In my proposed scenario, the corporation is doing nothing more than
providing a means for the participants to know that Bob is actually Bob
because the company has checked his id and said he is and providing an
authenticated means (again, IT being a black-hat aside) to communicate
with Bob and
If you worked in a corporate environment, would you trust the HR
department there to have verified the identity of employees well enough
to leverage that into signing a GPG key?
Let's say such an environment had an messaging system where employees
had to authenticate with their corporate IT
On Wed, Oct 16, 2013 at 2:04 PM, Brian J. Murrell br...@interlinx.bc.ca wrote:
If you worked in a corporate environment, would you trust the HR
department there to have verified the identity of employees well enough
to leverage that into signing a GPG key?
In general, I'd be fine with that.
On Wed, Oct 16, 2013 at 08:04:39AM -0400, Brian J. Murrell wrote:
If you worked in a corporate environment, would you trust the HR
department there to have verified the identity of employees well enough
to leverage that into signing a GPG key?
Not without investigating their procedures.
On 16-10-2013 15:28, Pete Stephenson wrote:
I would be reasonably sure that a key signed by an HR department
actually belongs to the named person,
Although I would certainly NOT assume that that person would be the only
one with access to the secret key. Most companies would keep a copy.
--
On Wed, Oct 16, 2013 at 4:20 PM, Johan Wevers joh...@vulcan.xs4all.nl wrote:
On 16-10-2013 15:28, Pete Stephenson wrote:
I would be reasonably sure that a key signed by an HR department
actually belongs to the named person,
Although I would certainly NOT assume that that person would be the
If you worked in a corporate environment, would you trust the HR
department there to have verified the identity of employees well enough
to leverage that into signing a GPG key?
This is the wrong question, really.
HR is pretty good about verifying identity documents. HR gets
specialized
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/16/2013 05:04 AM, Brian J. Murrell wrote:
| If you worked in a corporate environment, would you trust the HR
| department there to have verified the identity of employees well
| enough to leverage that into signing a GPG key?
|
| Let's say
On 13-10-16 03:51 PM, Doug Barton wrote:
On 10/16/2013 05:04 AM, Brian J. Murrell wrote:
| If you worked in a corporate environment, would you trust the HR
| department there to have verified the identity of employees well
| enough to leverage that into signing a GPG key?
|
| Let's say such
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 16 October 2013 at 9:19:19 PM, in
mid:l3msbv$jh3$1...@ger.gmane.org, Brian J. Murrell wrote:
The corporation would not have a copy of the private
key since the corporation is completely uninvolved
other than (unknowingly)
61 matches
Mail list logo
