Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I scanned this thread and was a bit disappointed. Lots of apparently competent people arguing from false assumptions.

None of you know me from Adam. If we met at a key-signing party, you would have no reason to trust this guy with an odd scare and a week's growth of whiskers on his face. Face to face is only useful if the face matches a familiar pattern.

Shoot, I know most of you better from the patterns in your posts than I would know you if we met face to face.

You could show me your passport and other ID (including the electronic ones), and I would still know more about you from the patterns of your posts on the list.

In the real world, if Jack Smack comes up to me and tells me my cousin is introducing him, I check with my cousin, and I still don't really trust him until I get to know him. Dorothy Developer who is an acquaintance of a friend of a developer known by a couple of guys I met at the last Linux conference I attended has an advantage in numbers, but I still don't trust her programming until I have run her stuff a couple of times. And checked my logs

Chain of trust is an illusion. So is a web of trust.

What I do have is a running OS and log files in my firewalls. And memories of domain names I have surfed by.

That the keys posted on the mirrors and the main site match is good evidence of a number of people cooperating. That is why I trust the keys enough to try the OS, and I could trust them no more were they to be signed by someone chained back to verisign or whoever.

Speaking of verisign, trusting a single entity as a "root of trust" is not far removed from trusting some charismatic religious or philosophical type to be your moral root. The CAs can serve a purpose, but they tend to be used against that purpose more than for.

The best use of the keys is as a checksum. Isn't that clear?

Joel Rees

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux