I'm having difficulty understanding
Posted Jul 2, 2019 21:17 UTC (Tue)
by vadim (subscriber, #35271)
In reply to: I'm having difficulty understanding by ms-tg
Parent article: OpenPGP certificate flooding
First, let's say you're a developer for CoolDistro. At some point you meet ExperiencedDev, who after a round of introductions signs your key. You sign theirs. You get the keyring for CoolDistro, and since ExperiencedDev signed pretty much everyone's key, you're pretty much set. No keyservers in sight.
But let's say you're a random guy, you went to FOSDEM and signed more than a hundred keys. You're well connected now. And you want to verify the key on the Tor browser. What do you do?
1. You get the signature, you try to verify it, and gpg tells you: "nope, this isn't trusted!". You don't have the signing key. Damn.
2. Okay, there's gpg --recv-keys, right? Nope, there's no default keyserver.
3. You google for, and configure gpg to use a damn keyserver. You get the key. Still no dice. The key isn't trusted, because you didn't sign that one.
4. You figure that somebody you met, at some point, must have signed it. Time to make sure you have every key you signed, and that you refreshed them from the keyserver. Now it should work. But it still doesn't.
6a. GPG's trust model works well for Alice -> Bob -> Carol chains. But it can actually extend further. What if you want to check an Alice -> Bob -> Carol -> Dave chain? Well, you're stuck. You might know who you signed, but if you don't know Carol, how do you find out you need her key? Here you can take on the desperate resort of recursively downloading the key of everyone you signed, plus every key *they* signed, hoping it might help. Happy scripting! And dealing with a key database of several thousand people, the vast majority of which you've never met.
6b. You might actually know about https://pgp.cs.uu.nl/, which some random guy runs and which might vanish at any moment, and which doesn't cover every key in existence. But it helps a lot.
7. What? It still doesn't work!? GPG isn't happy with just signatures, you need to tell it how much you trust that key. Do gpg --update-trustdb and fill in the missing info. Things get fuzzy here. How much do you trust guy #53 of 120 you met at FOSDEM? Do you remember how well you checked his ID? Uhh... You get that done, and finally, that WORKS.
8. Time to celebrate with a drink of your choice.
Why, nice and easy, isn't it? It'll only take meeting a lot of people face to face, laboriously signing a hundred keys, then spending a day or two figuring out the above, and you can finally make some use of this web of trust. If you're technically minded enough to understand all that stuff, and have the patience for it.
I'd be willing to bet that the number of people who've done the above isn't very large. I've done it, and it actually worked, but boy is it annoying. You need to be a pretty special kind of person to put up with that.
PS: While writing this comment I tried to get the Tor Browser's current key to make sure I wasn't missing anything. It's got "100304 new signatures" on it. Wheee.
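The steps above (fetch the missing intermediate key in 6a, then assign ownertrust in 7) can be seen in a small model of GnuPG's classic trust computation. This is an added example, not code from the comment or from GnuPG; it implements the documented default rules (a key is valid when certified by one fully trusted valid key or three marginally trusted valid keys, within a certification depth of 5, i.e. completes-needed 1, marginals-needed 3, max-cert-depth 5), and the key names, signatures and trust settings are constructed sample data, not real keys.

```python
"""Toy model of the classic GnuPG web-of-trust validity calculation.

Added example, not GnuPG code. Simplifications: no key expiry or revocation,
no per-signature certification levels, and path depth is approximated as
1 + the depth of the (third) counted signer.
"""

COMPLETES_NEEDED = 1   # gpg default --completes-needed
MARGINALS_NEEDED = 3   # gpg default --marginals-needed
MAX_CERT_DEPTH = 5     # gpg default --max-cert-depth


def compute_validity(signatures, ownertrust, own_key, max_depth=MAX_CERT_DEPTH):
    """Return {key: depth} for every key that is valid from own_key's point of view.

    signatures: {signer: set(keys it certified)}. Only signers whose key is in
                the local keyring appear here: like gpg, we cannot use a
                certification whose signing key we do not have (step 6a).
    ownertrust: {key: "full" | "marginal"}: how much *you* trust each owner to
                certify others (what `gpg --update-trustdb` asks in step 7).
                Keys missing from the map have no ownertrust at all.
    own_key is ultimately trusted, so its own certifications suffice alone.
    """
    all_keys = set(signatures) | {k for signed in signatures.values() for k in signed}
    valid = {own_key: 0}
    changed = True
    while changed:                      # fixpoint: validity propagates along chains
        changed = False
        for candidate in sorted(all_keys - set(valid)):
            full, marginal = [], []
            for signer, signed in signatures.items():
                if candidate not in signed or signer not in valid:
                    continue            # signer unknown, or not (yet) valid itself
                level = "full" if signer == own_key else ownertrust.get(signer)
                if level == "full":
                    full.append(valid[signer] + 1)
                elif level == "marginal":
                    marginal.append(valid[signer] + 1)
            depth = None
            if len(full) >= COMPLETES_NEEDED:
                depth = min(full)
            elif len(marginal) >= MARGINALS_NEEDED:
                depth = sorted(marginal)[MARGINALS_NEEDED - 1]
            if depth is not None and depth <= max_depth:
                valid[candidate] = depth
                changed = True
    return valid


def fosdem_keyring(with_carol):
    """Constructed sample keyring: you signed Alice, Bob and Eve at FOSDEM; all
    three signed Carol; Carol signed the fictional release key "TorBrowser".
    Carol's key (and so her certification on TorBrowser) is only in the
    keyring when with_carol is True."""
    sigs = {
        "You": {"Alice", "Bob", "Eve"},
        "Alice": {"Carol"},
        "Bob": {"Carol"},
        "Eve": {"Carol"},
    }
    if with_carol:
        sigs["Carol"] = {"TorBrowser"}
    return sigs


if __name__ == "__main__":
    # Step 6a: without Carol's key the chain to TorBrowser cannot even be seen.
    print(compute_validity(fosdem_keyring(False), {"Alice": "full", "Carol": "full"}, "You"))
    # Step 7: with every key present but no ownertrust, only your own direct
    # signatures yield valid keys; the "web" is a set of unconnected points.
    print(compute_validity(fosdem_keyring(True), {}, "You"))
    # Three marginal FOSDEM acquaintances validate Carol; full trust in Carol
    # then validates TorBrowser at depth 3.
    print(compute_validity(fosdem_keyring(True),
                           {"Alice": "marginal", "Bob": "marginal",
                            "Eve": "marginal", "Carol": "full"}, "You"))
```

Two marginal signers instead of three leave Carol, and therefore TorBrowser, invalid, and a chain longer than max_depth is cut off even when every hop is fully trusted, which is the depth limit the 6a recursion runs into.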
Posted Jul 3, 2019 8:17 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link] (3 responses)
"How much do you trust guy #53 of 120 you met at FOSDEM? Do you remember how well you checked his ID?"
Nope. The system is asking how much you _trust_ them, not whether you're sure they are who they say they are.
I am 100% certain my mother is my mother, but I wouldn't trust her as far as I can throw her. And this is where the WoT breaks down. Your trust metric must reflect your confidence that these people will do their part correctly in the WoT, but even conscientious users often don't understand how to do their part correctly, so realistically almost everybody's "trust" indication for almost everybody should be zero. At which point it's not a "web" it's just a bunch of unconnected points.
This is why things like Signal don't bother trying to invent a technologically complex way to "verify" other participants. Technology is used to make the only provided way _easy_ but not to try to conjure trust where it doesn't really exist. You make your own decisions on how to label other participants in a direct conversation and whether to consider you've "verified" they are who you thought they are. It's exactly as happy with you deciding you've verified "Deep Throat (gov insider?)" and not "Sally Anne Jenkins of Ohio" as vice versa. It doesn't mean anything to me that Sally claims to have verified Deep Throat, or that Deep Throat claims to have verified Sally.
Posted Jul 3, 2019 11:04 UTC (Wed)
by vadim (subscriber, #35271)
[Link] (2 responses)
The problem there though is that there's no way to avoid trust in the situation. So let's get back to the Tor browser.
Option A: Personally reviewing the entire source code. Not really practical.
Option B: Personally knowing the developers, and having a personal deep familiarity with their work. Available to a few people at most.
Option C: Trusting some random organization to certify the signing key, because your browser trusts them, which you trust mostly because you hope you didn't obtain a compromised version.
Option D: Trusting the WoT to certify the signing key.
Signal's model isn't going to work here. I've been at a talk by Roger Dingledine at FOSDEM, which filled most of Janson (the big auditorium). There's no way the poor guy is going to sit there signing the keys of all those people: https://external-preview.redd.it/Tcci3W9pcAD5FuRyCiMhl9vP...
And if he did, he'd still only reach a minuscule amount of people. You absolutely need an intermediary.
As far as I know it comes down to either CAs or the WoT in the end. CAs are very vulnerable to government interference. And the WoT only works so long as everyone is being very careful, which many people aren't.
I think in the end you have to compromise and to make some assumptions. Either hope that efforts like certificate transparency are enough to patch up the deficiencies of CAs, or hope your usage of the WoT doesn't have any obvious issues with it.