Reflections on Trusting Trust

Alexander Leidinger netchild at FreeBSD.org
Wed Nov 30 13:43:50 GMT 2005


Kurt Seifried <listuser at seifried.org> wrote:

> should have people upload their keys. On another note I am available 
> to sign PGP keys (proving your key/identity is an exercise left to 
> the reader =),

or to the signer... the keys are available in the handbook (either from
www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
them to the @FreeBSD.org address should put them into the hands of their
owners (and if not, it doesn't matter, they just don't get your signature on
their key). And AFAIK this is all PGP is supposed to verify, that the person
behind "user at example.tld" is the same as the person with access to the
secret key for this address. Please correct me if I'm wrong and PGP also is
supposed to e.g. verify that the name is the same as on the passport or
whatever way of personal identification is available where the owner of the
key to sign lives.

But this assumes the signer trusts the FreeBSD.org security: Access to the
FreeBSD.org machines is only granted with a known ssh v2 key. Such a key is
put in place by an admin, who got the key in a secure manner (either via a
PGP signed mail or uploaded to such a machine via scp by an already trusted
person). Without ssh access there's no way to insert a key into the CVS
repository.

My Alexander at Leidinger.net key is also available from
https://keyserver.pgp.com (I just noticed that my @FreeBSD.org key is not
available there... I should correct this). I verified (by inspecting the
fingerprint) that the key which is available from there is my own one before
acknowledging their verification procedure (see
https://keyserver.pgp.com/vkd/VKDVerificationPGPCom.html for the drawbacks
of their approach).

Bye,
Alexander.

-- 
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137
The human mind treats a new idea the way the
body treats a strange protein: it rejects it.
		-- P. Medawar
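
The fingerprint inspection mentioned in the message above, as an added example that is not part of the original post: it computes the version 4 OpenPGP fingerprint of a public-key packet (RFC 4880, section 12.2) and compares it in full against a value obtained from a trusted source. The packet is constructed sample data, not a real key, and all function names are hypothetical. An 8-digit "PGP ID" such as those in the signature above is only the last 32 bits of this fingerprint.

```python
import hashlib
import struct

def mpi(x):
    """Encode an integer as an OpenPGP multiprecision integer."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def build_packet(created, n, e):
    """Constructed old-format public-key packet holding a v4 RSA key."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body

def parse_pubkey_packet(data):
    """Return the body of an old-format public-key packet (tag 6)."""
    if not data or data[0] & 0xC0 != 0x80 or (data[0] >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public-key packet")
    len_type = data[0] & 0x03
    if len_type > 2:
        raise ValueError("indeterminate length not supported")
    nlen = 1 << len_type                      # 1, 2 or 4 length octets
    length = int.from_bytes(data[1:1 + nlen], "big")
    body = data[1 + nlen:1 + nlen + length]
    if len(body) != length or body[:1] != b"\x04":
        raise ValueError("truncated packet or not a version 4 key")
    return body

def v4_fingerprint(body):
    """SHA-1 over 0x99, a two-octet length and the packet body."""
    material = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(material).hexdigest().upper()

def short_id(fpr):
    """The 32-bit key ID: the last 8 hex digits of the fingerprint."""
    return fpr[-8:]

def matches(fpr, expected):
    """Accept only a full 160-bit fingerprint; spacing and case are ignored."""
    norm = "".join(expected.split()).upper()
    return len(norm) == 40 and norm == fpr

# Constructed sample modulus, not a real key.
N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 4, "big") | (1 << 1023) | 1
SAMPLE_PACKET = build_packet(1133300000, N, 65537)

if __name__ == "__main__":
    fpr = v4_fingerprint(parse_pubkey_packet(SAMPLE_PACKET))
    print("fingerprint:", fpr, "short ID:", short_id(fpr))
    print("short ID alone accepted:", matches(fpr, short_id(fpr)))
```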
