Robot CA at toehold.com

Michael Nahrath gnupg-users@nahrath.de
Sun Dec 8 17:47:03 2002


Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch> wrote on
2002-12-08 at 16:07:

> On Sun, 2002-12-08 at 13:22, David Shaw wrote:
> 
>> Which raises an interesting question.  Should people (real people, not
>> other robots) sign the robot's key?  I strongly feel the best answer
>> here is "no".  There is no need to - the robot is a CA and has that
>> authority with or without such signatures.  Signing a robot key also
>> encourages people who don't need to use this system to use it anyway
>> because it hooks them into the web of trust via a weakly-checked back
>> door.
> 
> Hmmm. Collecting signatures on a key is collecting trust. Personally, I
> do sign keys of CAs I trust (with a policy URL with a statement how much
> I trust them). 

Signing doesn't express anything about trust. It is about identity.

Signing a CA means that you have checked that the CA's key really belongs to
the organisation that runs the CA service.

I guess you did this with key 0xB3B2A12C.
The CA is driven by a computer magazine and they print this key's
fingerprint in each edition, so you can verify it (meaning: "this key really
belongs to this company").

So you had occasion to verify the key belongs to its (non-human) owner by a
second channel other than the internet (paper).

> So, if I'd trust a robotCA and I encounter people with
> robot-CA-signed keys (where I can't establish trust through better
> ways), I will trust the robotCA's key.

How you set the ownertrust for a key is your personal matter.
 
> When I see a CA key and I see that some famous people (in my case, this
> would mean gpg-wise or Debian-wise) have signed that CA's key, I'm
> inclined to trust their business as serious.

So you should give ownertrust to the CA's key.

Still no reason to sign it if you have no independent proof for it.

(Maybe if you have revised the code and have a way to prove that it is
still exactly that code that runs on the server, that might be one.)

> When I see a CA's key and
> virtually nobody has signed the key, I start to wonder...

Why should anybody sign Kyle's internet-service?

At the moment only he can prove that it really is his program.

If you want to build a trust path to his robot, sign _his_ key and give full
ownertrust to Kyle's key!

(or find another chain of ownertrusted signatures that leads to him.
Maybe you already have one:
<http://keyserver.kjsl.com/~jharris/gpgwww.cgi?from=92082481&to=2A94C484>)

Greeting, Michi
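
The distinction this message draws between certifying a key (identity) and assigning ownertrust (a private, local setting), shown as an added example that is not part of the original post: a simplified Python model of GnuPG's classic trust model with its default thresholds (one fully trusted or three marginally trusted signers, depth 5). The key names `me`, `kyle`, `robot` and `alice`, the `SIGS` table and the function `valid_keys` are constructed for illustration.

```python
# Simplified model of GnuPG's classic trust model (illustration only).
# A signature certifies identity; ownertrust is set locally and never published.
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5  # GnuPG defaults

def valid_keys(me, sigs, ownertrust):
    """Return the keys that are valid from `me`'s point of view.

    sigs:       signer -> set of keys that signer has certified
    ownertrust: key -> FULL or MARGINAL (how far I rely on its signatures)
    """
    valid = {me}
    for _ in range(MAX_DEPTH):
        candidates = {k for signed in sigs.values() for k in signed} - valid
        newly = set()
        for key in candidates:
            full = marginal = 0
            for signer in valid:
                if key not in sigs.get(signer, ()):
                    continue
                # My own key is ultimately trusted; others count only if I
                # assigned ownertrust to them.
                if signer == me or ownertrust.get(signer) == FULL:
                    full += 1
                elif ownertrust.get(signer) == MARGINAL:
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample: I signed Kyle's key, Kyle signed his robot's key,
# and the robot signed the key of a user called alice.
SIGS = {"me": {"kyle"}, "kyle": {"robot"}, "robot": {"alice"}}

if __name__ == "__main__":
    # A signature alone: Kyle's key is valid, but nothing he signed is.
    print(sorted(valid_keys("me", SIGS, {})))
    # Full ownertrust on Kyle: the robot's key becomes valid.
    print(sorted(valid_keys("me", SIGS, {"kyle": FULL})))
    # Only ownertrust on the robot makes robot-signed keys valid.
    print(sorted(valid_keys("me", SIGS, {"kyle": FULL, "robot": FULL})))
    # Signing the robot's key myself validates it, but not alice's key.
    print(sorted(valid_keys("me", {"me": {"robot"}, "robot": {"alice"}}, {})))
```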