On Friday 26 March 2004 10:41, Paul de Vrieze wrote:
> On Thursday 25 March 2004 15:28, Jesse Nelson wrote:
> > this is the biggest weakness with PKI in the traditional sense.
> > Everything comes down to 1 key or 1 set of keys. All trust is
> > centralized. Relying on a few ppl to be "secure" with the keys
> > is not good imho.. People are inherently lazy and thinking that 99%
> > of the time these keys won't be someplace they shouldn't be is using
> > Faith as security, and personally I don't jib with that for a
> > security model
>
> I agree, we could easily have multiple master keys (which would
> reduce the risk, however not mitigate it). PGP keysigning however
> provides even less provable security. Instead it works by having as
> many people as possible verify that you are who you say you are. That
> is nice, but the only way that a third party that I don't know is
> going to have some kind of trust that I am me is when my key is
> signed by one or more keys that are trusted by this third party. To
> achieve such a web it is required for keys to have a long lifetime.
> Such a long lifetime in gpg sense conflicts with the invalidate by
> default approach which requires short-lived keys.

The master keys could be kept totally outside of the net too, so the only
way to compromise those is to get physical access. A simple script that
automatically generates a bunch of new keys when a USB mem card is
inserted is pretty easy to make. And because the computer that would do
this is in no danger of being exploited through the network, it really
doesn't need to be updated. And if one gets physical access to the machine
he/she can also get physical access to the user so it doesn't matter.

--
gentoo-dev@g.o mailing list