On Mon, 3 Feb 2003, Kurt Roeckx wrote:
> I'm not saying md5 is as secure as pgp, not at all, but you can't
> trust those pgp keys to be the real one either.
Sure you can. Just verify that they've been signed by someone you trust.
For example, next time I happen to run into Bruce Momjian, I hope he'll
have his PGP key fingerprint with him. I can a) verify that he's the
same guy I who, under the name "Bruce Momjian," was giving the seminar I
went to last weekend, and b) check his passport ID to see that the U.S.
government believes that someone who looks him is indeed "Bruce Momjian"
and a U.S. citizen. That, for me, is enough to trust that he is who he
says he is when he gives me the fingerprint.
I take that fingerprint back to my computer and verify that the key I
downloaded from the MIT keyserver has the same fingerprint. Then I sign
that key with my own signature, assigning it an appropriate level of trust.
Next time I download a postgres release, I then grab a copy of the
postgres release-signing public key, and verify that its private key was
used to sign the postgres release, and that it is signed by Bruce's key.
Now I have a direct chain of trust that I can evaluate:
1. Do I believe that the person I met was indeed Bruce Momjian?
2. Do I trust him to take care of his own key and be careful signing other keys?
3. Do I trust his opinion that the postgres release-signing key that he signed is indeed valid?
4. Do I trust the holder of the postgres release-signing key to have taken care of the key and have been careful
aboutsigning releases with it?
Even if you extend this chain by a couple of people, that's trust in a
lot fewer people than you're going to need if you want to trust an MD5
signature.
cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're
alllight. --XTC