[rdfweb-dev] pgp signing

Jim Ley jim at j...
Fri Dec 20 14:37:49 UTC 2002


"Bill Kearney" <wkearney99 at h...>
> > Pointing to a location of the key inside the document we're signing
> > strikes me as a rather odd sort of security. We can't trust the document
> > until we've checked the signature, but we can only check the document by
> > trusting the contents. That doesn't work. The key discovery has to be
> > separate to the document.
>
> The keys are from a third party. This is simply an identifying marker. I do
> not see how making note of a key ID in this context has any sort of trust or
> security issues.

It's an irrelevance, we have no way of trusting that the key is from who
you say you are, and the fact that I'm getting it from where _you say_ to
me makes it less trustworthy than one obtained independently.

> > The keyservers are searched with the ID of the key, not by searching for
> > people,
>
> Nope, I searched for the text "ley" and got your key. Along with noticing a
> boatload of other folks named Ley. Now, how would I "tell" that the PGP key is
> in any way related to something I come across?

You're looking at the situation backwards, the situation is we have some
RDF, it's signed, we need to know who signed it. The situation of "I
have a key, find me something signed with it" strikes me as an odd one.

> > I'm not, and never will be _defined by_ RDF, an RDF doc is just a
> > collection of statements.
>
> Please, I'm not arguing that whole point. I'm simply focusing on that if folks
> wanted to use foaf or something like it there's a high probability they're going
> to want some control over making authoritative statements about the contents.

Absolutely, and signing foaf files is how we do that, _however_ including
the key it was signed against within the file is an irrelevance (and a
slightly dangerous one IMO). The document cannot be trusted until we
check the signature, therefore anything within the document cannot be
used to check the signature (other than for finding the signature itself).
By all means encode a location of your public key in the document, but
that does not help make the document more trustable than not having it.

>>>If there's not a way to determine what an individual claims then how
>>>will it be
>>>possible to avoid hijacking someone else's triples?
>>
>> You signed it, don't sign something you don't agree with.
>
> Ok then, if I sign a document that contains statements about someone else, how
> will someone else be able to untangle who's authoritative about those
> statements?

That's outside the scope of the RDF level. It's up to the
user/application/whatever on what to trust, and it's also the context of
the triples, i.e. I trust the person with the email address
jim at j... more when they're talking about the person with the
email address jim at j... than I do when they're talking about the
person with the email address fredd.bloggs at e... . Who signed a
file doesn't make me trust all of it. Trust is not a binary thing.

Jim.
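
Added example, not part of the original message or of any FOAF or PGP tooling: a sketch of the circularity discussed above, comparing a verifier that trusts the key carried in the document with one that checks that key against a fingerprint obtained separately. It assumes toy textbook RSA in place of PGP; the names, addresses and document fields are constructed for illustration.

```python
import hashlib

# Toy textbook RSA on Mersenne primes: an illustration only, NOT real PGP.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), pow(e, -1, (p - 1) * (q - 1))  # (public key, private exponent)

def digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def fingerprint(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

def sign(body, signer, pub, priv):
    # The document carries its own copy of the key, as proposed in the thread.
    return {"body": body, "signer": signer, "embedded_key": pub,
            "sig": pow(digest(body, pub[0]), priv, pub[0])}

def sig_ok(doc, pub):
    n, e = pub
    return pow(doc["sig"], e, n) == digest(doc["body"], n)

def verify_embedded(doc):
    # Circular: the key being trusted comes out of the unverified document.
    return sig_ok(doc, doc["embedded_key"])

def verify_pinned(doc, pinned):
    # pinned maps signer -> fingerprint obtained separately from the document.
    # The embedded key is only a lookup hint and must match the pinned value.
    key = doc["embedded_key"]
    return pinned.get(doc["signer"]) == fingerprint(key) and sig_ok(doc, key)

# Constructed sample data (hypothetical signers and statements).
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**107 - 1, 2**127 - 1)
PINNED = {"alice@example.org": fingerprint(ALICE_PUB)}

GENUINE = sign("alice knows bob", "alice@example.org", ALICE_PUB, ALICE_PRIV)
# Someone else's document that claims to be Alice's and ships its own key.
FORGED = sign("alice knows mallory", "alice@example.org", MALLORY_PUB, MALLORY_PRIV)

if __name__ == "__main__":
    for name, doc in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "embedded:", verify_embedded(doc),
              "pinned:", verify_pinned(doc, PINNED))
```

The embedded-key check accepts both documents, while the pinned check accepts only the one signed with the key whose fingerprint was obtained independently.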



