[kde-community] KDE Sysadmin and GPG Encryption
Jeff Mitchell
mitchell at kde.org
Tue Jul 26 23:17:22 BST 2016
I would avoid reading much, if anything at all, into what Boudhayan
wrote, both from the perspective of the sysadmin team and even Boudhayan
himself.
--Jeff
On 7/26/2016 5:46 PM, Ingo Klöcker wrote:
> On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote:
>> On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote:
>>> 2) GPG doesn't simply encrypt the email, but also digitally signs
>>> it.
>>> Signatures are required to prove the authenticity of the email, and
>>> to detect if it was tampered with. However, given our email
>>> infrastructure, a GPG signature is meaningless. Anyone can create a
>>> GPG key, encrypt the email and send it out. To trust the public key,
>>> it would have to be either (a) distributed in a trustable way, which
>>> brings us to the same situation as the SSH host key, (b) signed by
>>> another trusted entity (a person), after a face-to-face meeting, or
>>> (c) signed by members of a web of trust (which recursively requires
>>> one of (a) and (b)). Given we live in such physically diverse
>>> locations (in fact, Ben lives in New Zealand; meeting enough KDE
>>> contributors face to face willing to sign his key is prohibitively
>>> time, effort and finance consuming). If you can't establish trust
>>> of a GPG public key, the signature is meaningless.
>>
>> I strongly disagree with this. While it is complicated in Ben's case,
>> we had GPG signing party at the past Akademy and we can rebuild the
>> web of trust. Debian works like this. We can have one at the QtCon
>> (with also people from other communities including FSFE). So
>> *signing* the announcement emails should not be discouraged like it
>> is in this email.
>
> I very much agree with Luigi. IMHO, OpenPGP signatures are the most
> trustworthy kind of proof of authenticity (provided the key fingerprint
> has been verified in a way that's as secure as a face-to-face meeting
> and that the key's owner takes good care of her key).
>
>
> I disagree that it's difficult for the admin team to verify and then
> sign Ben's key. For example, I think that this could be done via a voice
> chat provided the admin team regularly does voice chats and therefore
> recognizes Ben's voice. I don't care whether Ben's really called Ben and
> lives in New Zealand. All that I care for is that the admin known to us
> as Ben has sent the announcement with the new server fingerprint. And
> this I could have asserted easily, if the admin team would have cross-
> signed their OpenPGP keys and I would have verified the OpenPGP keys of
> one, or better two, admins in a keysigning meeting, e.g. at Akademy.
>
>
> I agree that encrypting the public information about the server
> fingerprint would not have made any sense, but I guess that the people
> who complained actually wanted the message to be signed rather than be
> encrypted. OTOH, claiming that "GPG encryption is fundamentally broken"
> is unacceptable. GPG encryption is anything but broken (if it's used in
> the right way, i.e. to encrypt information exchanged between parties who
> have verified their OpenPGP key).
>
>
> Regards,
> Ingo