Re: pgp signing in van

Melinda Shore <melinda.shore@gmail.com> Sat, 07 September 2013 01:24 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B8E021E80B5 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 18:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzCUiZrHl7eG for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 18:24:44 -0700 (PDT)
Received: from mail-pa0-x22f.google.com (mail-pa0-x22f.google.com [IPv6:2607:f8b0:400e:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 76ABE21E80B4 for <ietf@ietf.org>; Fri, 6 Sep 2013 18:24:41 -0700 (PDT)
Received: by mail-pa0-f47.google.com with SMTP id kl13so3997136pab.20 for <ietf@ietf.org>; Fri, 06 Sep 2013 18:24:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=JgllMDwL+Q8FNc//KiTNJyhrSjbjqZTIORN1MGQOArE=; b=Ldtznfw0cwAafQh8+RiVvyhC0rKEMZR7GCvrBG9nEM58VL4c2WxFI0Go3VPNDb4aos ImXx7LGcxmFP3uYZiTt+nX1dUDWCVIdVyJ/OwGQcS4PGAEEt1ihSuXJemjDDka1J+H1X CvDtGy76Qwwatd0NHqUHTvepefj/0OuVqG37VWZF3VkBaZ75qXl2v0NE27AbW94PC7gn VPgZ66RbgyfsBwqSxW8QMUC0AxfXTflUZhgDC0CWpjaJ9r+kCuVQS1incb9JJ45yZcJw nltjbADVQDB5YArQMNQVnAS7MpDBV/e/8F8WvGeo7mZBKE95l+c67etTO87oUrCCkpW3 yjQQ==
X-Received: by 10.68.220.193 with SMTP id py1mr5898585pbc.150.1378517081206; Fri, 06 Sep 2013 18:24:41 -0700 (PDT)
Received: from spandex.local (66-230-112-61-rb1.fai.dsl.dynamic.acsalaska.net. [66.230.112.61]) by mx.google.com with ESMTPSA id oj6sm994154pab.9.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 06 Sep 2013 18:24:40 -0700 (PDT)
Message-ID: <522A8055.30805@gmail.com>
Date: Fri, 06 Sep 2013 17:24:37 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Ted Lemon <ted.lemon@nominum.com>
Subject: Re: pgp signing in van
References: <m2zjrq22wp.wl%randy@psg.com> <2309.1378487864@sandelman.ca> <522A5A45.7020208@isi.edu> <CA2A6416-7168-480A-8CE1-FB1EB6290C77@nominum.com> <522A71A5.6030808@gmail.com> <6DE840CA-2F3D-4AE5-B86A-90B39E07A35F@nominum.com>
In-Reply-To: <6DE840CA-2F3D-4AE5-B86A-90B39E07A35F@nominum.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: IETF Disgust <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Sep 2013 01:24:45 -0000

On 9/6/13 5:09 PM, Ted Lemon wrote:
> This is what I mean by "a high bar."   Signing someone's PGP key
> should mean "I know this person as X," not "this person is X."

I have no idea what "should" means in this context.  It seems
to me, from looking at this discussion (as well as from other
discussions around this topic) that different people have
different trust models in mind with quite possibly no two alike.
I guess part of the question here is whether not PGP key
signatures entail the signer being willing to vouch that the
key holder is who they say they are.  I'm not sure why
"I know this person as <X>" provides much more reliability
than someone asserting their own identity.

Melinda