D&C GLug - Home Page

Re: [LUG] Email encryption, was Re: www.dcglug.org.uk

 

On Mon, 29 Apr 2013 09:47:20 +0100
Philip Hudson <phil.hudson@xxxxxxxxx> wrote:

> I wish this stuff was less complicated, but ATM it seems like public  
> key cryptography + web of trust *is* the simplest possible solution.  
> Unfortunately that limits it to the cross section of the upper  
> quartile of the IQ range, people with access to learning about it,  
> people with the time to learn it, people with the inclination to learn  
> it, people who (see that they) have a need for it, and people with  
> usable tools. To a first approximation, the population of that set is  
> zero. Damn damn damn.

It's not zero, it is slightly higher.

Probably the single largest contributor to and user of the GnuPG Web of
Trust is Debian as it is the basis of the authentication of uploaded
packages and attribution to individuals. My GnuPG signature on a
package upload will allow installation of that upload onto hundreds of
mirrors all across the world and then get installed (sometimes
automatically) by uncountable machines, as root. The signature process
needs to work.

The Web of Trust has the concept of a "strong set", which is keys which
are signed by each other in ever-increasing loops. The majority of the
current strong set are or have been Debian Developers or GnuPG
maintainers. Keys must be signed by keys of current Debian Developers
to be included into the keyring for uploads, so perpetuating the
strong set.

Part of the authentication layer is 'caff' - the fire-and-forget GnuPG
key signature helper. There are many ways of doing the person-to-key
authentication involving face-to-face contact and various methods of
identification. Once that stage is done, the signer verifies the
fingerprint of the signee's key and signs it. The signature data is
exported and then *encrypted* to the signee and emailed by caff.

So here is probably the largest routine use of encrypted emails: to
carry the signature data from the signer to the signee in such a way
that only the signer and the signee can decrypt the signature. Once
decrypted, the data is imported and uploaded by the signee. If it
cannot be decrypted, no signature is published.

The system isn't perfect; it relies on a variety of stages which all
need to be trusted separately, but within the subset of people where
this is important, it does work.

-- 
Neil Williams <linux@xxxxxxxxxxxxxx>

Attachment: pgpkx9pRZiByF.pgp
Description: PGP signature
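
The "strong set" mentioned in the message above is usually computed as the largest strongly connected component of the key-signature graph (every key reaches every other key by following signatures). The following is an added example, not part of the original post and not Debian or GnuPG code; the key names and signature pairs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (signer, signee) pairs; key names are hypothetical.
SIGNATURES = [
    ("alice", "bob"), ("bob", "carol"), ("carol", "alice"),  # loop of three
    ("carol", "dave"), ("dave", "bob"),   # dave signs and is signed: joins the loop
    ("alice", "erin"),                    # erin is signed but has signed nobody
    ("frank", "alice"),                   # frank signs in but nobody signed frank
    ("gina", "hal"), ("hal", "gina"),     # a separate, smaller loop
]

def _dfs_postorder(start, adjacency, seen):
    """Iterative depth-first search; returns nodes in finishing order."""
    order, stack = [], [(start, iter(adjacency[start]))]
    seen.add(start)
    while stack:
        node, neighbours = stack[-1]
        for nxt in neighbours:
            if nxt not in seen:
                seen.add(nxt)
                stack.append((nxt, iter(adjacency[nxt])))
                break
        else:                      # all neighbours visited: node is finished
            stack.pop()
            order.append(node)
    return order

def strongly_connected_components(edges):
    """Kosaraju's algorithm over the directed signature graph."""
    graph, reverse, nodes = defaultdict(list), defaultdict(list), set()
    for signer, signee in edges:
        graph[signer].append(signee)
        reverse[signee].append(signer)
        nodes.update((signer, signee))
    seen, finished = set(), []
    for node in sorted(nodes):     # pass 1: finishing order on the graph
        if node not in seen:
            finished.extend(_dfs_postorder(node, graph, seen))
    seen, components = set(), []
    for node in reversed(finished):  # pass 2: reversed graph, latest first
        if node not in seen:
            components.append(set(_dfs_postorder(node, reverse, seen)))
    return components

def strong_set(edges):
    """The largest group of keys mutually reachable through signatures."""
    return max(strongly_connected_components(edges), key=len)

if __name__ == "__main__":
    print(sorted(strong_set(SIGNATURES)))
```

In the sample, erin and frank stay outside the strong set because each has signatures in only one direction; a key joins only once it has both signed a member and been signed by one.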

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq