From: | Curt Sampson <cjs(at)cynic(dot)net> |
---|---|
To: | Kurt Roeckx <Q(at)ping(dot)be> |
Cc: | Greg Copeland <greg(at)CopelandConsulting(dot)Net>, "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <neilc(at)samurai(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PGP signing releases |
Date: | 2003-02-04 04:35:47 |
Message-ID: | Pine.NEB.4.51.0302041326262.369@angelic.cynic.net |
Lists: | pgsql-hackers |

On Mon, 3 Feb 2003, Kurt Roeckx wrote:

> I'm not saying md5 is as secure as pgp, not at all, but you can't
> trust those pgp keys to be the real one either.

Sure you can. Just verify that they've been signed by someone you trust.

For example, next time I happen to run into Bruce Momjian, I hope he'll
have his PGP key fingerprint with him. I can a) verify that he's the
same guy who, under the name "Bruce Momjian," was giving the seminar I
went to last weekend, and b) check his passport ID to see that the U.S.
government believes that someone who looks like him is indeed "Bruce Momjian"
and a U.S. citizen. That, for me, is enough to trust that he is who he
says he is when he gives me the fingerprint.

I take that fingerprint back to my computer and verify that the key I
downloaded from the MIT keyserver has the same fingerprint. Then I sign
that key with my own signature, assigning it an appropriate level of trust.

Next time I download a postgres release, I then grab a copy of the
postgres release-signing public key, and verify that its private key was
used to sign the postgres release, and that it is signed by Bruce's key.

Now I have a direct chain of trust that I can evaluate:

1. Do I believe that the person I met was indeed Bruce Momjian?
2. Do I trust him to take care of his own key and be careful signing
   other keys?
3. Do I trust his opinion that the postgres release-signing key that
   he signed is indeed valid?
4. Do I trust the holder of the postgres release-signing key to have
   taken care of the key and have been careful about signing releases
   with it?

Even if you extend this chain by a couple of people, that's trust in a
lot fewer people than you're going to need if you want to trust an MD5
signature.

cjs
--
Curt Sampson <cjs(at)cynic(dot)net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
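
The chain-of-trust evaluation described in this message, as an added example (not part of the original email and not PostgreSQL project code): a simplified Python model in which a key is accepted only if a path of key signatures leads to it from my own key through owners I trust to sign carefully. The key names, the fingerprints and the `mallory` key are constructed; question 4 (how well the release key is looked after) is a judgment that no signature check can make.

```python
from collections import deque

def normalize_fpr(fpr):
    """Make a fingerprint read off paper comparable with tool output."""
    return "".join(fpr.split()).upper()

def trust_chain(my_key, target, certs, introducers):
    """Shortest certification path my_key -> target, or None if there is none.

    certs: (signer, signee) pairs meaning "signer's key has signed signee's key".
    introducers: keys whose owners I trust to be careful when signing other keys.
    Only my own key and introducers may extend a chain; a key that is merely
    valid proves who its owner is, not that the owner's signatures mean anything.
    """
    parent = {my_key: None}
    queue = deque([my_key])
    while queue:
        key = queue.popleft()
        if key == target:
            path = []
            while key is not None:
                path.append(key)
                key = parent[key]
            return path[::-1]
        if key != my_key and key not in introducers:
            continue
        for signer, signee in sorted(certs):
            if signer == key and signee not in parent:
                parent[signee] = key
                queue.append(signee)
    return None

def evaluate(paper_fpr, keyserver_fpr, target):
    """Run the procedure: sign Bruce's key only if the fingerprints agree."""
    certs = {("bruce", "release"), ("mallory", "fake-release")}  # constructed
    if normalize_fpr(paper_fpr) == normalize_fpr(keyserver_fpr):
        certs.add(("me", "bruce"))  # question 1 answered: I sign his key
    return trust_chain("me", target, certs, introducers={"bruce"})  # question 2

# Constructed fingerprints, not real keys.
PAPER = "0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567"
SERVER = "0123456789ABCDEF0123456789ABCDEF01234567"

if __name__ == "__main__":
    print(evaluate(PAPER, SERVER, "release"))       # chain found
    print(evaluate(PAPER, SERVER, "fake-release"))  # no chain
    print(evaluate(PAPER, "F" * 40, "release"))     # wrong key on the keyserver
```
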