| 1 |
On Friday 26 March 2004 10:41, Paul de Vrieze wrote: |
| 2 |
> On Thursday 25 March 2004 15:28, Jesse Nelson wrote: |
| 3 |
> > this is the biggest weaknes with PKI in the traditional sense. |
| 4 |
> > Everything comes down to 1 key or 1 set of keys. All trust is |
| 5 |
> > centralized. Relying on a few ppl to be "secure" with the keys |
| 6 |
> > isnot good imho.. People are inherantly lazy and thinking htat 99% |
| 7 |
> > of the time these keys wont be someplace they shouldn't be is using |
| 8 |
> > Faith as security, and personally i dont jib with that for a |
| 9 |
> > security model |
| 10 |
> |
| 11 |
> I agree, we could easilly have multiple master keys (which would |
| 12 |
> reduce the risk, however not mitigate it). PGP keysigning however |
| 13 |
> provides even less provable security. Instead it works by having as |
| 14 |
> many people as possible verify that you are who you say you are. That |
| 15 |
> is nice, but the only way that a third party that I don't know is |
| 16 |
> going to have some kind of trust that I am me is when my key is |
| 17 |
> signed by one or more keys that are trusted by this third party. To |
| 18 |
> achieve such a web it is required for keys to have a long lifetime. |
| 19 |
> Such a long lifetime in gpg sense conflicts with the invalidate by |
| 20 |
> default approach which requires shortlived keys. |
| 21 |
|
| 22 |
The master keys could be kept totally outside of the net too so only way |
| 23 |
to compromise those is to get physical access. Simple script that |
| 24 |
automatically generates a bunch of new keys when an USB mem card is |
| 25 |
inserted is pretty easy to make. And because the computer that would do |
| 26 |
this is in no danger to be exploited through network it really doesn't |
| 27 |
need to be updated. And if one gets physical access to the machine |
| 28 |
he/she can also get physical access to the user so it doesn't matter. |
| 29 |
|
| 30 |
-- |
| 31 |
gentoo-dev@g.o mailing list |
Archives