[Freedombox-discuss] Would you sign a key with a pseudonymous keyholder name?

simo idra at samba.org
Sat Jul 21 14:05:57 UTC 2012 

On Sat, 2012-07-21 at 10:36 +0200, Jonas Smedegaard wrote: 
> On 12-07-20 at 04:42pm, bertagaz at ptitcanardnoir.org wrote:
> > On Thu, Jul 19, 2012 at 10:25:05AM +0200, Jonas Smedegaard wrote:
> > > On 12-07-19 at 02:09pm, Fifty Four wrote:
> > > > So, under what conditions would you give a Level 3 signing to a 
> > > > pseudonymous name on a key? I assume a Level 3 signing means Full 
> > > > validity?
> > > 
> > > Policies for keysigning is bound to the communities that use them.  
> > > For Debian the purpose of keysigning is to ensure linkage between 
> > > digital identity with a physical and legal identity: a passport is a 
> > > strong identifier there and pseudonyms are pretty much by definition 
> > > going against the very purpose of the aim for keysigning there.
> > 
> > Well, it's not that easy to assert that passports are strong 
> > identifiers.
> > 
> > It's a misconception that has been spread by the usual keysigning 
> > party policy, but that isn't that meaningful IMO.
> 
> Please note that I explicitly limited to the _Debian_ community treating 
> passports as strong identifier.
> 
> If you believe that is wrong, I suggest instead of raising the point 
> here that you instead help fix Debian documentation - e.g. file bugs 
> against www.debian.org for places like these (some of which existed even 
> when I became DD 12 years ago):
> 
> http://www.debian.org/devel/join/nm-step1
> http://www.debian.org/devel/join/nm-step2
> http://www.debian.org/events/keysigning
> http://www.debian.org/events/checklist
> 
> 
> > You can easily buy some forged one on some markets.
> 
> And you can easily buy a gun on some markets and threaten others to 
> reveal their private key.
> 
> Debian historically trusts government issued identification.  That may 
> change in the future, but Debian is not an anti-government organisation, 
> so maybe not.
> 
> It is perfectly valid and sane and exciting to apply other principles at 
> other communities, but saying that Passports are not strong identifiers 
> *for* *Debian* is plain wrong.

Jonas, any identification method is only as strong as the members of the
community are able to recognize a legit one from a false one.
Most people do not know how to recognize a true passport from a false
passport, in the Debian community like in any other, except, perhaps,
law enforcement.

GPG creates a web of trust, that means that just showing a document, in
theory, should not be enough, you should *trust* that the person is who
they claim they are. And if you know a person for some time it is just
silly to ask for a passport, your knowing the person is actually a
higher trust factor than a piece of paper that may be true or not.

This is a general property of webs of trust, it doesn't matter what
rules Debian decided to follow. However the way Debian does things they
could have equally decided to trust x509 user certs instead, if the only
thing you care is the passport, as a x509 user cert is normally released
only after a government document has been verified.

The *whole* point of a web of trust though, is that the identity is
validate by one person social graph. You know a number of people that
can vouch you have access to the private key. Technically it would be
sufficient to prove (by opening a message encrypted with the public key)
that you can open a message, and the peer can trust you are the person
behind the key. The reason why, on top of that, personal identification
of web of trust emerge is that you want to be sure that public/key pair
is associated to the identity other people will think is the person
holding the pair.

So in the end, from my personal POV, a signature carries a lot more
weight if the person applying it personally knows the person associated
to the GPG key, than if two bystanders that never interacted before just
sign a key based on a (supposedly) government issued ID.

If the GPG key were signed by a government, then things would be
different, because in order to obtain such a signature you would really
have to go through some serious verification of the government issued
ID, but that would have other implications that are at odds with the
needs of someone that needs to escape their government control.

Simo.

-- 

Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the Freedombox-discuss mailing list