UI terminology for calculated validities

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 23 00:38:36 CEST 2014


On 04/22/2014 06:11 PM, Peter Lebbing wrote:
> In your example, you do not trust the two keys differently[1]. However, due to a
> technicality, you can't assign both the same ownertrust, because they would add
> up. I don't think this is a fundamental thing that changes the concept of
> ownertrust, it is an unfortunate technicality. If GnuPG were somehow enhanced
> that you could mark them as "this is the same person", you would assign both
> "marginal" and benefit from certifications of either key. If it's that easily
> fixed, it's not a fundamental issue in my book.
> 
> Peter.
> 
> [1] Although you might mistrust a key that's no longer considered secure by
> current cracking standards. Again, not an issue with trust in the owner, but a
> technicality.

I understand your argument, and i agree that this reflects a technical
weakness in the GnuPG cryptographic certification mechanism based on
what it knows about keys, and how it makes validity calculations.  Did
you see my two proposals at the end of my note about ways it could be
improved if anyone has time and effort to put into it?  the "same owner
if both assert the same user ID" fix might be the least-fiddly one,
which would catch a large fraction of the cases in question.  But it
still wouldn't cover circumstances where you know someone who has a
"work key" and a "home key" where the User IDs are disjoint.  What would
you think about work key/home key distinctions?  what if the work key
was stored on a machine administered by the local sysadmin?

Adding in a separate "person" concept to the gpg keystore seems much
more fiddly and complex in terms of UI/UX, unless gpg is willing to
commit to being a full contact manager (which i don't think it
necessarily should be).

So anyway, i think i generally agree with you that the concept itself
should stay at "ownertrust", though i do have some concerns about the
work/home split, where i can imagine different levels of care taken by
the same person in different contexts (perhaps by enforced workplace
policy, even).

thanks for the discussion,

	--dkg
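
Added illustration, not part of the original message and not GnuPG code: a simplified model of the counting discussed in this thread, using GnuPG's default thresholds (--completes-needed 1, --marginals-needed 3) and assuming every certifying key is itself valid. The key names, user IDs, `owner_groups` and `is_valid` are constructed for the example, and scoring a merged group at its highest ownertrust is an assumption.

```python
# Simplified model of classic trust-model counting; not taken from GnuPG.
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed
RANK = {"none": 0, "marginal": 1, "full": 2}

# Constructed keyring: key id -> (ownertrust, user IDs asserted by that key).
KEYRING = {
    "A1":     ("marginal", {"Alice <alice@example.org>"}),
    "A2":     ("marginal", {"Alice <alice@example.org>"}),
    "A_WORK": ("marginal", {"Alice <alice@work.example>"}),
    "B1":     ("marginal", {"Bob <bob@example.org>"}),
    "C1":     ("marginal", {"Carol <carol@example.org>"}),
}

def owner_groups(key_ids, keyring):
    """Group keys that share at least one user ID (exact string match)."""
    groups = []  # list of (user IDs seen in group, member key ids)
    for kid in key_ids:
        uids, members, rest = set(keyring[kid][1]), [kid], []
        for g_uids, g_members in groups:
            if g_uids & uids:          # overlap: fold that group into this one
                uids |= g_uids
                members += g_members
            else:
                rest.append((g_uids, g_members))
        groups = rest + [(uids, members)]
    return [members for _, members in groups]

def is_valid(certifiers, keyring, merge_same_uid=False):
    """True if the certifications are enough to make the target key valid."""
    if merge_same_uid:
        groups = owner_groups(certifiers, keyring)   # one vote per owner
    else:
        groups = [[k] for k in certifiers]           # one vote per key
    # Assumption: a merged group counts once, at its highest ownertrust.
    best = [max(RANK[keyring[k][0]] for k in g) for g in groups]
    return (best.count(RANK["full"]) >= COMPLETES_NEEDED
            or best.count(RANK["marginal"]) >= MARGINALS_NEEDED)

if __name__ == "__main__":
    same_uid = ["A1", "A2", "B1"]        # two people, three marginal keys
    disjoint = ["A1", "A_WORK", "B1"]    # same person, disjoint user IDs
    print("per-key count:       ", is_valid(same_uid, KEYRING))
    print("merged by user ID:   ", is_valid(same_uid, KEYRING, True))
    print("work/home, merged:   ", is_valid(disjoint, KEYRING, True))
```

The third case is the work key/home key gap raised in the message: with disjoint user IDs, merging by user ID still counts one person twice.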




More information about the Gnupg-users mailing list