Subject: Re: key trust management (Re: adding gpg to src/gnu/dist)
To: Daniel Carosone <dan@geek.com.au>
From: Love <lha@stacken.kth.se>
List: tech-security
Date: 05/15/2004 10:18:39


Daniel Carosone <dan@geek.com.au> writes:

> On Fri, May 14, 2004 at 01:46:28PM +0200, Love wrote:
>> 
>> Daniel Carosone <dan@geek.com.au> writes:
>
> [ about the fact that gpg allows multiple signatures on its
> "certificates" and x.509 doesn't. ]
>
>> > For the case of key management, it's the biggest downfall of the x.509
>> > cert format, compared to pgp.  GPG allows that inherently, which is a
>> > good thing, and something we wouldn't want to "lose" otherwise -
>> > though it does complexify the key trust decisions. 
>> 
>> I think you get this wrong: how can you, from a pgp certificate, figure out
>> if the signer is approved by NetBSD to be distributing binaries when it's in
>> your web of trust from your "trust anchor"? By name, by keyid, one hop, N
>> hops?
>
> The same way you would with a x.509 cert. In the x.509 world, you'd
> have a "NetBSD distribution certifier" (I)CA, that would sign the keys
> used for each release (or sign the distribs directly, whatever).

So you want to build uni-directional webs of trust for each key usage?

this gpg anchor, and all keys it signs, can be used for release signing
this other gpg anchor (and all ...) can be used for pkg-bin signing
this third gpg anchor (and all ...) can be used for a third purpose...

All those anchors need to be signed by the developers directly.

> In the gpg world, you'd have the same signature on a release signing
> key, it's just that there might be other sigs on it as well.

I'm not talking about signatures on the anchor, I'm talking about the
signatures that the anchor is allowed (by policy) to make.

Also, how do I limit the pgp trust in time?

I will trust my CA ~forever; how can the CA limit what rights it's going to
delegate?

X.509 sucks, but I think PGP doesn't even try to solve anything more than
just establishing identities; it never communicates what the signer intended
to allow the signed certificate to do.

Love


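Love's point above, that an X.509 CA can state both which rights it delegates and for how long, whereas a PGP certification only vouches for identity, is easiest to see with a chain validator in hand. What follows is an added example and not code from this thread or from NetBSD: the hierarchy, the names, the serial numbers and the one-year validity are all hypothetical. It builds a developer-signed anchor, a "release certifier" intermediate that is allowed to delegate nothing but code signing and only for a year, and two leaf keys under it, then asks Go's standard-library verifier the questions raised in the message: is the release key good for releases, is it still good two years on, and can the certifier hand out a right (e-mail protection) it was never given.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed reference date (the date of this thread). Nothing below is a real NetBSD key.
var threadDate = time.Date(2004, 5, 15, 0, 0, 0, 0, time.UTC)

// template returns a certificate skeleton valid from just before threadDate until notAfter.
func template(serial int64, cn string, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: threadDate.Add(-time.Hour), NotAfter: notAfter}
}

// issue generates a fresh P-256 key and signs tmpl with parentKey; a nil parent makes the
// certificate self-signed. Key generation or encoding failures are bugs, so they panic.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// PKI is the hypothetical hierarchy: anchor -> release certifier (code signing only, one year) -> leaves.
type PKI struct {
	Root, Certifier, Release, Mail *x509.Certificate
}

func BuildPKI() *PKI {
	root := template(1, "NetBSD developers anchor (hypothetical)", threadDate.AddDate(10, 0, 0))
	root.IsCA, root.BasicConstraintsValid = true, true
	root.KeyUsage = x509.KeyUsageCertSign // no EKU at all: the anchor itself is unrestricted
	rootCert, rootKey := issue(root, nil, nil)
	cf := template(2, "NetBSD release certifier (hypothetical)", threadDate.AddDate(1, 0, 0))
	cf.IsCA, cf.BasicConstraintsValid = true, true
	cf.MaxPathLen, cf.MaxPathLenZero = 0, true // may issue leaf keys, not further CAs
	cf.KeyUsage = x509.KeyUsageCertSign
	cf.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning} // the only right delegated
	cfCert, cfKey := issue(cf, rootCert, rootKey)
	rel := template(3, "release signing key (hypothetical)", threadDate.AddDate(1, 0, 0))
	rel.KeyUsage = x509.KeyUsageDigitalSignature
	rel.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	relCert, _ := issue(rel, cfCert, cfKey)
	mail := template(4, "developer mail key (hypothetical)", threadDate.AddDate(1, 0, 0))
	mail.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	mailCert, _ := issue(mail, cfCert, cfKey)
	return &PKI{Root: rootCert, Certifier: cfCert, Release: relCert, Mail: mailCert}
}

// VerifyFor builds the chain leaf -> Certifier -> Root and accepts it only if every certificate
// on it is valid at time `at` and permits the requested extended key usage.
func (p *PKI) VerifyFor(leaf *x509.Certificate, usage x509.ExtKeyUsage, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(p.Root)
	inters.AddCert(p.Certifier)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{usage}, CurrentTime: at})
	return err
}

// Checks runs the four policy questions from the thread; a nil error means the chain was accepted.
func Checks() map[string]error {
	p := BuildPKI()
	return map[string]error{
		"release key, code signing":           p.VerifyFor(p.Release, x509.ExtKeyUsageCodeSigning, threadDate),
		"release key, code signing, +2 years": p.VerifyFor(p.Release, x509.ExtKeyUsageCodeSigning, threadDate.AddDate(2, 0, 0)),
		"mail key, code signing":              p.VerifyFor(p.Mail, x509.ExtKeyUsageCodeSigning, threadDate),
		"mail key, e-mail protection":         p.VerifyFor(p.Mail, x509.ExtKeyUsageEmailProtection, threadDate),
	}
}

func main() {
	for name, err := range Checks() {
		fmt.Printf("%-38s -> %v\n", name, err) // <nil> means the chain was accepted for that use
	}
}
```

Running it prints one line per check; only the release key verified for code signing on the thread's date comes back accepted. The two-years-on check fails because the certifier and the leaf have both expired, which is the "limit trust in time" question; the mail key fails for code signing because its own extended key usage does not include it; and it also fails for e-mail protection because the certifier's extended key usage is limited to code signing, so the intermediate cannot delegate a right the anchor never gave it. For the PGP side of the comparison, OpenPGP (RFC 4880) does carry a key expiration subpacket and, for the hop-count question, trust signatures with a depth and an optional regular-expression restriction; what it lacks is any equivalent of extended key usage, which is the gap this message points at.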