
On keys, trust, and webs

Posted Oct 6, 2011 1:04 UTC (Thu) by neilbrown (subscriber, #359)
Parent article: On keys, trust, and webs

Hash: SHA1

I must say that I never really liked the "Web of trust" concept. Trust isn't transitive, and there is no uniform standard for trust. So when I see that there is some number of chains of "trust" between two keys I don't really know what that means. It might sound impressive but unless I understand it (and I don't - sorry) it is just security theater.

Linus recently observed that not very many people had signed his GPG key, but that wasn't really important. The important thing was that his key had signed all the recent linux releases. So that key must belong to the person who is leading kernel development. That the name on his driver's license happens to be Linus Torvalds is largely irrelevant.

Rather than key-signing-parties to establish a "web of trust" it makes more sense to me for all kernel developers to start signing all emails (at least) with their GPG key. Not to prove that they wrote the email, but to increase confidence that they own that key. It is a history of behaviour rather than a collection of key-signing parties that builds trust for me.

[I wonder if the message and the following signature will survive any transformations that lwn and your browser do...]
Version: GnuPG v2.0.18 (GNU/Linux)



On keys, trust, and webs

Posted Oct 6, 2011 1:21 UTC (Thu) by jake (editor, #205) [Link]

> [I wonder if the message and the following signature will survive any
> transformations that lwn and your browser do...]

FWIW, Neil, I could verify the signature based on a key that I retrieved from with the following fingerprint:

A539 96E0 95AE 2027 C2DB A965 1B97 DCEA 057E 59BD

but I don't trust that key (yet, anyway) :)


On keys, trust, and webs

Posted Oct 7, 2011 8:18 UTC (Fri) by neilbrown (subscriber, #359) [Link]

Are you really saying that you don't trust it, or that your gpg tool tells you that you don't trust it?

Because I suspect that in reality you do trust it, at least a little bit. And if I had had the forethought to sign my previous correspondence with you, you would probably trust it a lot more, despite what gpg tells you.

I've been trying to think of non-digital analogies and the idea of "Public Notices" comes fairly close. There are cases where placing a public notice and not getting a response in some reasonable time period means that you can proceed on the assumption that no-one else has an interest in the issue (handling deceased estate is one example I think).

So my original post is like a public notice. If it was faked, you can be pretty sure that the real neilbrown would have found a way to complain. He hasn't yet. Give it time, but if you don't hear anything in a couple of weeks, you can probably increase your trust level substantially.

[alright, I admit it - I just don't like parties and want to find a way to get my access to back without having to go to a key-signing party :-) ]

On keys, trust, and webs

Posted Oct 7, 2011 13:38 UTC (Fri) by jake (editor, #205) [Link]

> Are you really saying that you don't trust it, or that your gpg tool
> tells you that you don't trust it?

well, it was meant flippantly (thus the smiley), but, yes, what I meant was that GPG did not trust the key ...

I don't think keysigning parties are the only way to get signatures ... Jon and I verified fingerprints over the phone recently, for example. Sending me a signed email with info that only the entity I know as "Neil Brown" (whoever you are in real life :) would know would go a long way toward establishing the connection between that key and that entity ... enough that I might be willing to sign the key for example ...


On keys, trust, and webs

Posted Oct 10, 2011 0:33 UTC (Mon) by vonbrand (guest, #4458) [Link]

<paranoid>Perhaps you have the real one kidnapped somewhere...</paranoid>

On keys, trust, and webs

Posted Oct 6, 2011 1:22 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

gpg: Good signature from "NeilBrown <>"
gpg: aka "NeilBrown <>"
gpg: aka "Neil Brown <>"

On keys, trust, and webs

Posted Oct 6, 2011 14:39 UTC (Thu) by jcm (subscriber, #18262) [Link]

So of course keysigning parties are one of those excitingly nerdy "I like to stare at scrolling green text in dark rooms" things. You're right that the main thing that actually matters is that "Linus" is still "Linus". Whether or not it's actually Linus Torvalds with passport number X doesn't really matter if we've all been trusting that signed identity for years.

FWIW, I have always independently signed anything I put on, even in the face of a number of hostile emails (not from - we always have the best relations) over the years from folks suggesting I was doing it wrong. Now the egg is on their face. If you want to release something, sign it yourself. Don't let some resigning service do it for you :)


On keys, trust, and webs

Posted Oct 7, 2011 14:37 UTC (Fri) by Baylink (guest, #755) [Link]

Palm Pilot Sync Day in the employee cafeteria? :-)

On keys, trust, and webs

Posted Oct 6, 2011 15:20 UTC (Thu) by jackb (guest, #41909) [Link]

FireGPG recognizes your comment as a signed message.

Too bad the plugin is unmaintained and broken so I can't actually use it any more.

On keys, trust, and webs

Posted Oct 10, 2011 1:13 UTC (Mon) by ras (subscriber, #33059) [Link]

I stopped going to key signing parties years ago after coming to the same conclusion. We have two examples of PKI: X509 and the web of trust. Both are deeply flawed. The Web of Trust adds no security whatsoever, but seems to be harmless in that it doesn't undermine the security of the systems it is bolted onto. X509 in contrast does give us something we didn't have before - when it works it prevents man in the middle attacks. But it is brittle. A single weak link can and has broken the entire thing. And when it breaks, it compromises the security of every system on the planet using it.

Unfortunately we seem to be trapped by commercial incentives. X509 is brittle because CAs make money from selling trust. It is in their interest to keep you dependent on them. We would all be better off if we just used their cert to download a self-signed cert from the vendor, giving ourselves forward secrecy. If that had been in place before the Iran thing Google would have downloaded their own certs to most browsers, so the hacked cert would have only affected new connections. As it is, they got all of connections.

I think you are right in saying when it comes to establishing trust, creating an audit trail of signed postings is the best way to go. A couple of years' worth of signed postings to LKML or debian devel creates a history far more reliable than someone on the other side of the planet claiming they had sighted a driver's licence. It is also easily transferred to other projects.

Sadly that is undermined by Google and other email merchants who don't provide a way to send signed messages with their software. The cynic in me says Google would far prefer you to depend on their login and password management, their server security, and their "True Names" policy for establishing trust. It's far better from Google's perspective if we all put our faith in "I saw it in Linus's g+ posting" rather than "I saw it in a message signed by Linus".

We probably have only ourselves to blame. The current PKI are not only broken, they are unbelievably difficult to use. Who here has managed to produce a self signed cert with openssl, or has truly mastered gpg options? The mere thought of gpg's 76 line output for gpg --help makes me shudder. In the light of that mess it is not surprising commercial solutions are stepping in to fill the gap.

I don't think it is technically difficult to design a system that would work well. The problem seems to be one of social engineering; of agreeing on a standard and getting the code out there; not of designing it. As such it seems like a problem open source could solve.
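
The history-based trust that neilbrown and ras describe in this thread, sketched as an added example that is not part of any comment here: a key is judged by how long and how often it has produced valid signatures under one name, and a young key that appears beside an established one is flagged. The names, fingerprints, postings and thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample data: (posting date, claimed name, key fingerprint, signature verified?)
POSTINGS = [
    (date(2009, 10, 1), "alice", "FPR-AAAA", True),
    (date(2010, 3, 12), "alice", "FPR-AAAA", True),
    (date(2011, 9, 30), "alice", "FPR-AAAA", True),
    (date(2011, 10, 2), "alice", "FPR-EEEE", True),   # new key claiming the same name
    (date(2011, 10, 3), "bob", "FPR-BBBB", True),
    (date(2011, 10, 4), "bob", "FPR-BBBB", False),    # bad signature: not evidence
]

def key_histories(postings):
    """Map (name, fingerprint) -> (count, first_seen, last_seen), valid signatures only."""
    hist = {}
    for when, name, fpr, ok in postings:
        if not ok:
            continue
        count, first, last = hist.get((name, fpr), (0, when, when))
        hist[(name, fpr)] = (count + 1, min(first, when), max(last, when))
    return hist

def is_established(entry, min_count, min_days):
    """A key is established once it has signed often enough over a long enough span."""
    count, first, last = entry
    return count >= min_count and (last - first).days >= min_days

def assess(postings, name, fpr, min_count=3, min_days=365):
    """Classify a key for `name` from its signing history alone.

    Returns "unknown", "new", "established" or "conflict". The thresholds are
    illustrative assumptions, not values taken from the discussion.
    """
    hist = key_histories(postings)
    entry = hist.get((name, fpr))
    if entry is None:
        return "unknown"
    if is_established(entry, min_count, min_days):
        return "established"
    # A young key is suspicious when another key already has a long history
    # under the same name: the "public notice" case where the owner may object.
    for (other_name, other_fpr), other in hist.items():
        if other_name == name and other_fpr != fpr and \
                is_established(other, min_count, min_days):
            return "conflict"
    return "new"
```
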

On keys, trust, and webs

Posted Oct 11, 2011 21:15 UTC (Tue) by jcm (subscriber, #18262) [Link]

In fairness, Google wasn't vulnerable (in Chrome) to the root cert. issues because they had added a cert hashing check and whitelists to their browser specifically to work around this kind of attack (something I love about them as the modern Xerox PARC, Sun, or Bell Labs of our time). It only worked if you were using Chrome, but they did think about it.
