On Fri, 09 Sep 2011 16:23:50 +0700, JT S said:

> revoke. For all I know, anyone who breaks into any CA which is trusted
> by my browser can issue and sign a cert for any domain and the browser
> will blindly accept it.

Yep. That's how it works...

> I personally would prefer that the browsers only trust keys that I
> have signed, have low trust for keys signed by keys I have signed, and
> no trust for the rest.

Paging Phil Zimmermann....

> I'd really like the ability to walk into western union or my bank or local
> google office and sign their key as well as the ability to revoke my signature
> without revoking my key.

A big chunk of the problem there is that although you might *like* that ability, it really presupposes the existence of an office you can walk into. I've never seen a local Google office, and at least around here, Western Union offices are just a terminal at the customer service desk of supermarkets.

There's a second, more subtle problem - if you *did* find an office, what exactly are you attesting by signing something? If you talk to me at a key signing party, I'll claim that key B4D3D7B0 is mine - and more importantly, I can (at least in theory, if I have my laptop with me) *prove* I control it by generating signatures with it. However, if you walk into a Western Union branch office, all the guy can claim is "Yeah, that fingerprint you have for our key matches what was on the piece of paper they mailed us last year". However, *the guy at the branch is no more able to verify that piece of paper than you are*. He can't prove control of the key by signing something with the Western Union key (and if he *could*, that's even *more* scary).

Then there's the third problem - currently, I have *6* keys on my PGP keyring that are specifically flagged as "do not trust" because I've found copies of my key signed by them when I know for a fact I've never met the person and had them verify my key. Mind you, there's only about a dozen valid signatures on my key. In other words, my personal set of "personally verified as Doing It Wrong" is half the size of "people who do it right". And that's among people that are smart enough to use PGP.

What is the meaning of any single given signature (including yours) on a key when every Joe Sixpack who doesn't even really understand keysigning is going around and signing keys? What do you do if a key has 3 million signatures, but 1M of them are probably bogus?

I won't discuss the question of how you maintain a web-of-trust structure with 10M entries in it - the current PGP strong set has only about 45K in it at the moment.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
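The "do not trust" flag and the question of what a pile of signatures is worth, shown as an added example that is not part of the original post: a simplified version of the classic PGP validity rule, in which a key counts as valid once it carries one signature from a fully trusted valid key or three from marginally trusted valid keys (GnuPG's default `--completes-needed 1` and `--marginals-needed 3`). All key names and the signature graph are constructed for illustration, and the real implementation tracks path depth more carefully than this round-based loop.

```python
# Simplified classic web-of-trust validity calculation (illustrative only).
NEVER, UNKNOWN, MARGINAL, FULL, ULTIMATE = range(5)   # owner-trust levels

def valid_keys(sigs, ownertrust, completes_needed=1, marginals_needed=3, max_depth=5):
    """sigs maps a key id to the set of key ids that signed it.
    Returns the set of key ids considered valid."""
    valid = {k for k, t in ownertrust.items() if t == ULTIMATE}  # your own key(s)
    for _ in range(max_depth):
        newly = set()
        for key, signers in sigs.items():
            if key in valid:
                continue
            # A signature counts only if the signing key is itself valid,
            # and then only according to the owner trust you assigned it.
            counted = [ownertrust.get(s, UNKNOWN) for s in signers if s in valid]
            full = sum(t >= FULL for t in counted)
            marginal = sum(t == MARGINAL for t in counted)
            if full >= completes_needed or marginal >= marginals_needed:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed keyring: six signers flagged "do not trust", mirroring the post.
SLOPPY = {f"sloppy{i}" for i in range(1, 7)}
OWNERTRUST = {"me": ULTIMATE, "alice": FULL,
              "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL,
              **{s: NEVER for s in SLOPPY}}
SIGS = {
    # I verified and signed these keys myself, so all of them are valid keys.
    **{k: {"me"} for k in ["alice", "bob", "carol", "dave", *SLOPPY]},
    "site_a": SLOPPY | {"bob", "carol"},   # 8 signatures, 6 from distrusted signers
    "site_b": {"bob", "carol", "dave"},    # 3 marginal signatures
    "site_c": {"alice", "stranger"},       # 1 full signature plus an unknown key
    "site_d": {"stranger"},                # signed only by a key I cannot validate
}
RESULT = valid_keys(SIGS, OWNERTRUST)

if __name__ == "__main__":
    for site in ("site_a", "site_b", "site_c", "site_d"):
        print(site, "valid" if site in RESULT else "not valid")
```

The key with the most signatures (`site_a`) is the one that fails: six of its eight signatures come from signers whose certifications are ignored, and the remaining two marginal ones fall short of the threshold.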