<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link xmlns:atom="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="https://tanguy.ortolo.eu/blog/feed/rss/commentaires/" />
	<link>https://tanguy.ortolo.eu/blog/article9/pgp-signature-infos</link>
	<language>en</language>
	<description>a blog about Debian and self-hosting</description>
	<lastBuildDate>Fri, 14 Dec 2012 14:27:00 +0000</lastBuildDate>
	<generator>PluXml</generator>
	<item>
		<title>PGP signatures with trust and verification level - Written by derp @ friday 14 december 2012, 14:27</title> 
		<link>https://tanguy.ortolo.eu/blog/article9/pgp-signature-infos/#c1355495233-1</link>
		<guid>https://tanguy.ortolo.eu/blog/article9/pgp-signature-infos/#c1355495233-1</guid>
		<description>additional info + domain explained: 
http://web.monkeysphere.info/doc/trust-models/</description>
		<pubDate>Fri, 14 Dec 2012 14:27:00 +0000</pubDate>
		<dc:creator>derp</dc:creator>
	</item>
	<item>
		<title>PGP signatures with trust and verification level - Written by Daniel Kahn Gillmor @ friday 27 may 2011, 05:23</title> 
		<link>https://tanguy.ortolo.eu/blog/article9/pgp-signature-infos/#c1306473831-1</link>
		<guid>https://tanguy.ortolo.eu/blog/article9/pgp-signature-infos/#c1306473831-1</guid>
		<description>I&amp;#039;m not convinced that adding more detail to your OpenPGP certifications is necessarily positive.  I tend to think that we should use the public WoT to establish a baseline of *identity*, and that making it more complex than that actually causes the public certifications to leak more information about personal relationships than we need it to.

I&amp;#039;ve never seen any tool make use of &amp;quot;Certification level&amp;quot; (and WoT inference is certainly confusing/complex enough without them) -- so adding that information is really only likely to give extra hints to people interested in mining your social relationships for data (they can focus more on your &amp;quot;extensive verification&amp;quot; certifications).

&amp;quot;Trust signatures&amp;quot; in certifications are potentially quite dangerous in several ways.  Indicating Trust level exposes you to some risk: An attacker who wants to convince you of a bogus key+identity needs to get that key certified by someone that you trust.  If you publish your entire trust set in your certifications (ownertrust in gpg is by default a privately-held preference), you&amp;#039;re making that attacker&amp;#039;s job much easier.

Trust depth is troublesome because it extends that same risk to everyone who depends on you for certification; if you publish a trust depth of &amp;gt; 1, then everyone who is willing to accept certifications made by you is now vulnerable to an attack on any of the keys in question.  This is like an X.509 Certificate Authority granting blanket Certificate Authority status to a child CA.  They actually do this in the X.509 world, and it&amp;#039;s one of the many reasons that X.509 is problematic:

 https://www.eff.org/observatory

Domain-scoping of trust signatures is a mitigating factor -- you can say &amp;quot;i trust this Maria Sanchez to reliably certify any key with an associated e-mail address within the foo.example domain (i.e. ending with @foo.example)&amp;quot;.  This is useful because it means that you&amp;#039;re willing to accept Maria Sanchez has control over that domain, and can legitimately introduce you to anyone within it; but you don&amp;#039;t need to automatically believe her when she tries to introduce you to &amp;quot;Barack Obama &amp;lt;president@whitehouse.gov&amp;gt;&amp;quot;.  That said, almost no one uses domain-scoping, and the way it&amp;#039;s implemented (regex-filtering within a trust-sig) has some potentially dubious aspects.  Using a trust-sig within a non-exportable signature as a way to avoid setting blanket ownertrust is probably reasonable; that way you get the benefit of scoping without leaking the relationship info to the outside world.  But i don&amp;#039;t know many people who operate this way.

Here is a related post i made to gnupg-users recently pushing back against storing more relationship data in OpenPGP certifications:

http://lists.gnupg.org/pipermail/gnupg-users/2011-April/041523.html</description>
		<pubDate>Fri, 27 May 2011 05:23:00 +0000</pubDate>
		<dc:creator>Daniel Kahn Gillmor</dc:creator>
	</item>
		<title>Tanguy Ortolo - PGP signatures with trust and verification level - Comments</title> 
</channel>
</rss>