diff options
| author | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-01-27 12:02:52 -0500 |
|---|---|---|
| committer | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-01-27 12:02:52 -0500 |
| commit | cec54d6d398e21cddfef6448e3f002fbe51f8efd (patch) | |
| tree | 4b5629b598bc31f4391544140fe4288eb24c5700 | |
| parent | f68e958f9511ea100a64f248220223f65c815316 (diff) | |
More GPG hate.
| -rw-r--r-- | wiki/gpg/terrible.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/wiki/gpg/terrible.md b/wiki/gpg/terrible.md index 08f36ed..b916b79 100644 --- a/wiki/gpg/terrible.md +++ b/wiki/gpg/terrible.md @@ -46,6 +46,23 @@ the community at large discourages their use unless they can be traced back to some legal identity. Autonyms keys tend to go unsigned by any other key, cutting them off from the GPG trust network's validation effect. +As [@wlonk](https://twitter.com/wlonk/) put it: + +> I care about communicating with the coherent theory of mind behind @so-and-so. + +## Issuing Identities + +GPG makes issuing new identities simultaneously too easy and too hard for users. +It's hard, because the _only_ way to issue a new identity on an existing key +(and thus associated with and able to share correspondence with an existing +identity) requires that the user have access to their personal root key. There's +no way to create ad-hoc identities and bind them after the fact, making it hard +to implement opportunistic tools. (OTR's on-demand key generation fails to the +opposite extreme.) It's easy, because there's no mechanism beyond the web of +trust itself to vet newly-created keys or identities; the GPG community +compounds this by demanding that everyone carefully vet legal identities, making +it _very_ time-consuming to deploy a new name. + ## Finding Paul Revere It turns out autonymity in GPG would be pretty fragile even if GPG's user @@ -68,6 +85,12 @@ illegitimate keys. GPG assumes everyone will be constantly on watch for unusual signing activity, and perfectly aware of the safety of their own keys at all times. +Given that the GPG signature graph is largely public, it should be possible to +moderate signatures using clique analysis, limiting the impact of a trusted +party who signs inauthentic identities. Unfortunately, GPG makes it challenging +to implement this by providing almost no support for iteratively deepening the +local keyring by downloading signers' keys as needed. + ## Interoperability Sending a GPG-signed message to a non-GPG-using normal human being is a great |