[kde-community] KDE Sysadmin and GPG Encryption

Harald Sitter sitter at kde.org
Wed Jul 27 11:06:50 BST 2016


+1

If it helps the cause I'll fly around the world on my own dime and
web-up everyone in the sysadmin team who otherwise doesn't go to KDE
meetups so you have at least one link that connects you to the rest of
the world. I haven't had a proper vacation in years anyway ;)

On Tue, Jul 26, 2016 at 11:46 PM, Ingo Klöcker <kloecker at kde.org> wrote:
> On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote:
>> On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote:
>> > 2) GPG doesn't simply encrypt the email, but also digitally signs
>> > it.
>> > Signatures are required to prove the authenticity of the email, and
>> > to detect if it was tampered with. However, given our email
>> > infrastructure, a GPG signature is meaningless. Anyone can create a
>> > GPG key, encrypt the email and send it out. To trust the public key,
>> > it would have to be either (a) distributed in a trustable way, which
>> > brings us to the same situation as the SSH host key, (b) signed by
>> > another trusted entity (a person), after a face-to-face meeting, or
>> > (c) signed by members of a web of trust (which recursively requires
>> > one of (a) and (b)). Given we live in such physically diverse
>> > locations (in fact, Ben lives in New Zealand; meeting enough KDE
>> > contributors face to face willing to sign his key is prohibitively
>> > time, effort and finance consuming). If you can't establish trust
>> > of a GPG public key, the signature is meaningless.
>>
>> I strongly disagree with this. While it is complicated in Ben's case,
>> we had a GPG signing party at the past Akademy and we can rebuild the
>> web of trust. Debian works like this. We can have one at the QtCon
>> (with also people from other communities including FSFE). So
>> *signing* the announcement emails should not be discouraged like it
>> is in this email.
>
> I very much agree with Luigi. IMHO, OpenPGP signatures are the most
> trustworthy kind of proof of authenticity (provided the key fingerprint
> has been verified in a way that's as secure as a face-to-face meeting
> and that the key's owner takes good care of her key).
>
>
> I disagree that it's difficult for the admin team to verify and then
> sign Ben's key. For example, I think that this could be done via a voice
> chat provided the admin team regularly does voice chats and therefore
> recognizes Ben's voice. I don't care whether Ben's really called Ben and
> lives in New Zealand. All that I care for is that the admin known to us
> as Ben has sent the announcement with the new server fingerprint. And
> this I could have asserted easily, if the admin team would have cross-
> signed their OpenPGP keys and I would have verified the OpenPGP keys of
> one, or better two, admins in a keysigning meeting, e.g. at Akademy.
>
>
> I agree that encrypting the public information about the server
> fingerprint would not have made any sense, but I guess that the people
> who complained actually wanted the message to be signed rather than be
> encrypted. OTOH, claiming that "GPG encryption is fundamentally broken"
> is unacceptable. GPG encryption is anything but broken (if it's used in
> the right way, i.e. to encrypt information exchanged between parties who
> have verified their OpenPGP key).
>
>
> Regards,
> Ingo

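Added example, not part of any message in this thread: the cross-signing scenario discussed above, modelled as a certification graph in which a key counts as authentic only when enough certification paths that share no intermediate key lead from the verifier's own key to it. The key names (`me`, `admin_a`, `admin_b`, `ben`, `impostor`) and the signatures between them are constructed for illustration, and the path-counting rule is an assumption of this sketch, not GnuPG's trust model.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has certified.
CERTS = {
    "me": {"admin_a", "admin_b"},      # verified in person at a keysigning
    "admin_a": {"admin_b", "ben"},     # admin team cross-signs its keys
    "admin_b": {"admin_a", "ben"},
    "ben": {"admin_a", "admin_b"},
    "impostor": {"impostor"},          # self-signed only: anyone can make a key
}

def disjoint_paths(certs, me, target):
    """Count certification paths me -> target that share no intermediate key."""
    cap = {}
    def add(u, v, c):
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + c
        cap.setdefault(v, {}).setdefault(u, 0)   # residual edge
    keys = set(certs) | {k for s in certs.values() for k in s} | {me, target}
    for k in keys:                     # split each key so it is used at most once
        add((k, "in"), (k, "out"), 1)
    for signer, signed in certs.items():
        for k in signed:
            add((signer, "out"), (k, "in"), 1)
    src, dst, flow = (me, "out"), (target, "in"), 0
    while True:                        # unit-capacity max flow via BFS augmentation
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return flow
        v = dst
        while parent[v] is not None:
            cap[parent[v]][v] -= 1
            cap[v][parent[v]] += 1
            v = parent[v]
        flow += 1

def authentic(certs, me, target, needed=2):
    """Accept target only if at least `needed` independent introducers vouch for it."""
    return disjoint_paths(certs, me, target) >= needed

if __name__ == "__main__":
    for key in ("ben", "impostor"):
        print(key, disjoint_paths(CERTS, "me", key), authentic(CERTS, "me", key))
```

With two verified admins, a single compromised or careless admin key cannot by itself make a forged key acceptable; with only one verified admin the path count drops to one.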