On Tuesday 06 August 2002 02:00 am, Ryan Phillips wrote:
> On Mon, 5 Aug 2002 23:18:52 +0200
>
> Lukas Beeler <lb-lists@××××××××××××.org> wrote:
> > * Ryan Phillips <ryan.phillips@××××.edu>:
> > > Not entirely the case... Daniel could call me, and since I trust
> > > Daniel's PGP key I could have him sign a quote that I state over the
> > > phone.
> >
> > And how exactly do you make sure that you are talking to Daniel?
> > You don't have a passport which officially states who he is, you
> > can't compare the photo. Signing over a phone line is completely
> > worthless, and destroys the web of trust.
>
> I'm guessing I would meet him at Linux World...

Not only that, but you *can* verify someone is who they say they are over the
phone, if you've spoken to them in the past and can recognize their voice.
Now if you want to get into ultra-paranoid concerns about people synthesizing
or mimicking someone else's voice, then go right on ahead, but I would point
out that it would be easier for a cracker to make a fake passport with his
picture on it and claim the developer's identity in person, so even a
face-to-face meeting isn't foolproof.

The moral: if the CIA or the FBI are intent on 'cracking' gentoo, then they
are probably going to succeed. However, it is extraordinarily unlikely that
they would have any reason or incentive to do so, and the deception will
collapse anyway as soon as the real developer emerges or discovers things are
being signed on his/her behalf.

In a more general sense, there are two webs of trust that need to be
addressed, separately.

One is the web of trust between developers. Spider, drobbins, et al. need to
be able to be confident that things signed by each other and other developers
are authentic. This web of trust should be built carefully, ideally by
face-to-face meetings or a key-signing party, but snail-mailing a hard copy of
the public key fingerprint, and verifying the credentials over the phone once
it arrives, is more than likely very sufficient.

The other is the web of trust between the developers and the world at large.
This can be a little looser, and should probably take the form of a public
keyring of all the developers' public keys, downloadable from a server
separate from the one the rsync and tarball mirrors are downloaded from, made
available on several diverse, independent public key servers, and probably
sold on CDROM for a nominal price for companies and organizations that want to
be really, really certain they've got legitimate keys.

Nothing is perfect, but this is a solid foundation for building up a good web
of trust. Solid is really all we can ask for, and I would suggest it is a
mistake to refrain from doing anything merely because perfection is
impossible. In a world of billions, we can't ALL attend key signing parties
and meet the people we correspond with face to face, just as we cannot verify
every signature on every letter we receive. This is no reason for people to
start passing unsigned checks, however.

Jean.
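The snail-mail-and-phone fingerprint check discussed in this message, as an added example that is not part of the thread or of any Gentoo tooling: the script below computes an OpenPGP v4 fingerprint for an RSA public key the way RFC 4880 (section 12.2) defines it, prints it in the grouped form gpg shows, and compares it against a fingerprint read back over another channel. The key material, creation time and the helper names (`v4_fingerprint`, `fingerprint_matches`, etc.) are constructed for the example; the modulus is an arbitrary number, not a real key.

```python
"""OpenPGP v4 fingerprint computation and out-of-band comparison.

Added example, not code from the mailing-list thread. The RSA key below is
constructed (an arbitrary odd 2048-bit integer), not a real developer key.
"""
import hashlib
import hmac
import struct

RSA_ALGO_ID = 1  # RFC 4880 section 9.1: RSA (Encrypt or Sign)


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian bytes."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def v4_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet (RFC 4880 section 5.5.2) for an RSA key."""
    return bytes([4]) + struct.pack(">I", created) + bytes([RSA_ALGO_ID]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99 || 2-octet body length || body (RFC 4880 section 12.2), upper-case hex."""
    if len(body) > 0xFFFF:
        raise ValueError("public key packet body too long for a 2-octet length")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def format_fingerprint(fp: str) -> str:
    """gpg-style display: ten groups of four hex digits, an extra space after the fifth."""
    groups = [fp[i:i + 4] for i in range(0, 40, 4)]
    return " ".join(groups[:5]) + "  " + " ".join(groups[5:])


def normalize(spoken: str) -> str:
    """Drop separators and case, as a fingerprint read aloud or typed from paper would vary."""
    return "".join(ch for ch in spoken if ch.isalnum()).upper()


def fingerprint_matches(local_fp: str, out_of_band: str) -> bool:
    """Compare the locally computed fingerprint with the one from the other channel.

    Anything shorter than the full 160-bit fingerprint is rejected: a key ID
    (the last 8 or 16 hex digits) is not enough, because a key with a chosen
    key ID is cheap to generate.
    """
    ref = normalize(out_of_band)
    if len(ref) != 40:
        return False
    return hmac.compare_digest(normalize(local_fp).encode(), ref.encode())


def key_id(fp: str) -> str:
    """Long key ID: the low 64 bits (last 16 hex digits) of a v4 fingerprint."""
    return fp[-16:]


# Constructed demo key: an arbitrary odd 2048-bit modulus and the usual exponent.
DEMO_N = (1 << 2047) | 0x10001
DEMO_E = 65537
DEMO_CREATED = 1028592000  # 2002-08-06 00:00 UTC, the date of the thread (constructed)
DEMO_BODY = v4_public_key_packet_body(DEMO_N, DEMO_E, DEMO_CREATED)
DEMO_FP = v4_fingerprint(DEMO_BODY)

if __name__ == "__main__":
    print("fingerprint:", format_fingerprint(DEMO_FP))
    print("key id     :", key_id(DEMO_FP))
    # Read back over the phone in lower case with odd spacing: still matches.
    print(fingerprint_matches(DEMO_FP, format_fingerprint(DEMO_FP).lower()))
    # Only the key ID read back: not accepted.
    print(fingerprint_matches(DEMO_FP, key_id(DEMO_FP)))
```

The comparison is deliberately done on the whole 40-digit fingerprint after normalization, so that the person on the phone may read it in any grouping or case, while a partial read-back (just the key ID, or a few groups) is refused rather than silently accepted.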