[kde-community] KDE Sysadmin and GPG Encryption
bgupta at kde.org
Wed Jul 27 10:52:50 UTC 2016
On 27 July 2016 at 15:36, Harald Sitter <sitter at kde.org> wrote:
> If it helps the cause I'll fly around the world on my own dime and
> web-up everyone in the sysadmin team who otherwise doesn't go to KDE
> meetups so you have at least one link that connects you to the rest of
> the world. I haven't had a proper vacation in years anyway ;)
I'm going to take you up on that. Would you like to see the Taj Mahal? :P
> On Tue, Jul 26, 2016 at 11:46 PM, Ingo Klöcker <kloecker at kde.org> wrote:
>> On Tuesday 26 July 2016 16:01:15 Luigi Toscano wrote:
>>> On Tuesday, 26 July 2016 19:25:25 CEST Boudhayan Gupta wrote:
>>> > 2) GPG doesn't simply encrypt the email, but also digitally signs
>>> > it.
>>> > Signatures are required to prove the authenticity of the email, and
>>> > to detect if it was tampered with. However, given our email
>>> > infrastructure, a GPG signature is meaningless. Anyone can create a
>>> > GPG key, encrypt the email and send it out. To trust the public key,
>>> > it would have to be either (a) distributed in a trustable way, which
>>> > brings us to the same sitation as the SSH host key, (b) signed by
>>> > another trusted entity (a person), after a face-to-face meeting, or
>>> > (c) signed by members of a web of trust (which recursively requires
>>> > one of (a) and (b)). Given we live in such physically diverse
>>> > location (in fact, Ben lives in New Zealand; meeting enough KDE
>>> > contributors face to face willing to sign his key is prohibitvely
>>> > time, effort and finance consuming). If you can't establish trust
>>> > of a GPG public key, the signature is meaningless.
>>> I strongly disagree with this. While it is complicated in Ben's case,
>>> we had GPG signing party at the past Akademy and we can rebuild the
>>> web of trust. Debian works like this. We can have one at the QtCon
>>> (with also people from other communities including FSFE). So
>>> *signing* the announcement emails should not be discouraged like it
>>> is in this email.
>> I very much agree with Luigi. IMHO, OpenPGP signatures are the most
>> trustworthy kind of proof of authenticity (provided the key fingerprint
>> has been verified in a way that's as secure as a face-to-face meeting
>> and that the key's owner takes good care of her key).
>> I disagree that it's difficult for the admin team to verify and then
>> sign Ben key. For example, I think that this could be done via a voice
>> chat provided the admin team regularly does voice chats and therefore
>> recognizes Ben's voice. I don't care whether Ben's really called Ben and
>> lives in New Zealand. All that I care for is that the admin known to us
>> as Ben has sent the announcement with the new server fingerprint. And
>> this I could have asserted easily, if the admin team would have cross-
>> signed their OpenPGP keys and I would have verified the OpenPGP keys of
>> one, or better two, admin in a keysigning meeting, e.g. at Akademy.
>> I agree that encrypting the public information about the server
>> fingerprint would not have made any sense, but I guess that the people
>> who complained actually wanted the message to be signed rather than be
>> encrypted. OTOH, claiming that "GPG encryption is fundamentally broken"
>> is unacceptable. GPG encryption is anything but broken (if it's used in
>> the right way, i.e. to encrypt information exchanged between parties who
>> have verified their OpenPGP key).
>> kde-community mailing list
>> kde-community at kde.org
> kde-community mailing list
> kde-community at kde.org
More information about the kde-community