@orionwl wonder if this would be a good time to try bip322 sigs for releases?

@ajtowns @orionwl No. PGP is far superior to any of these single key standards, as it supports the web-of-trust.

PGP could be better. But until someone actually replaces it, why use niche standards that will never replace it?

@pete @orionwl that reads like two fallacies to me, #1 that web of trust actually works, #2 that you can make a new standard without some people using it while it's niche? Also Bip322 supports multisig signatures, it's not single key.

@ajtowns @orionwl Web-of-trust works for it's intended audience: people who are taking the time to actually verify something rather than just relying on their web browsers.

Re: multisig, just sticking a few different signatures on releases manually is fine. Anyone verifying this stuff to that level is verifying it manually anyway. And PGP *does* allow for multiple signatures on one file, even in things like git commits.

@pete @orionwl manually verifying things doesn't scale, that's why apt and the like verify signatures automatically. You have to trust/verify you got the initial installation right and haven't been compromised since, but automation makes staying up to date easier. Automating gpg is pretty painful, and we have or own signing tools that we have to maintain anyway. but *shrug* - I've done the adding gpg stuff with apt already, don't need to climb that mountain again.

Follow

@ajtowns @orionwl ...apt uses PGP behind the scenes...

Anyway, "doesn't scale" is irrelevant. The actual use-case of PGP is for the experts to verify that high value use-cases are correct. Including that the automated systems are correct.

Don't get fooled by propaganda from academic cryptographers who have every reason to shit on an inherently fuzzy, human, problem that their math credentials can't solve.

· · Web · 2 · 0 · 1

@ajtowns @orionwl In particular, it is _very_ likely that at least some of those academics are literally being paid off by the likes of the NSA to discourage the use of secure, decentralized, tech.

We know from the Snowden leaks that GnuPGP was one of the things they had severe problems compromising reliably. Equally, the PGP _mindset_ is one that makes for systems that are hard to compromise.

@pete @orionwl yes, I designed that code. And despite using the special front-end for parsing, there's been security bugs as a result.

@ajtowns @orionwl I know. That's why efforts got put into writing new PGP libraries. Efforts that should have been done literally a decade ago... But of course get held back, because people inexplicably push weird niche stuff that's obviously worse.

@ajtowns @orionwl Believe me, I'd love to replace OpenPGP with a standard with sane serialization, ditches old crypto, etc.

But if I were to do that, I'd actually make a _replacement_. That means thinking about how to get to the same place re: WoT and key distribution. And that's a _much_ harder problem to solve than the crypto itself.

@ajtowns @orionwl You know what was _the_ biggest advance in web certificate security?

It wasn't new crypto. It was a stupidly simple merkle mountain range called certificate transparency. It revolutionized the human/political side of the certificate business, by adding some pretty basic auditing. It has literally lead to scammers and bad actors going bankrupt.

_That's_ the kind of thing what a PGP replacement needs to focus on. Not what signature scheme it happens to use.

@pete @orionwl what do you think is valuable about the wot? Turning an identity (name, email, etc) into a downloadable key, subkeys/revocations/expiry, having a decentralised structure rather than a CA? The automatic trust stuff was always a failure imo. Having all the info be public also seems a bit fail-ish (also webs should be in the shadows just on principle)

@ajtowns @orionwl What "automatic trust stuff" specifically? You mean GPG's trust db?

How do you propose to allow third parties to verify anything without WoT data being public?

Conversely, why do you think the fact that someone like myself - a very well known figure - might think, say, the Qubes signing key is real needs to be kept private?

@ajtowns @orionwl Re: the value of WoT, it's obvious: having something other than certificate authorities.

You see this _immediaty_ if you ever try to work out the procedures for securely doing something of high value: you just have to have some other way of verifying signatures, because CAs are worse than a central point of failure. They're literally hundreds of points of failure.

@pete the strong set is 55k single points of failure for pgp's automatic trust calculations. Or there's zero middlemen if you're directly checking fingerprints and doing kyc in person. Or there's stuff in between. Which are you talking about? It's not obvious to me.

@pete Having everything public means you can identify who went to every keysigning party. Why would that be desirable any more than having every coffee purchase on the blockchain? Doesn't mean every attestation should be private either though.

@ajtowns The industry goes to conferences and gives talks. Who knows who, where we've been, and who we talk too is very public. And you can always delay when you sign. Or choose not too.

Again, what's the alternative for high security? Be realistic.

@ajtowns "@pete the strong set is 55k single points of failure for pgp's automatic trust calculations."

Huh? That's not how GPG works. You don't just blindly trust multiple levels deep.

"Or there's zero middlemen if you're directly checking fingerprints and doing kyc in person."

...which is _incredibly_ limiting. Even someone like me who has gone to countless conferences doesn't have a direct links with tons of people. But after one or two steps, it's not so hard.

@ajtowns ...and remember, you absolutely can change how GPG works re: marginal trust and the like. You get to decide how you want to verify keys. It's not hard.

@pete I wish we were having this conversation irl because it's hard to get my level of skepticism across without exaggerated facial expressions. Changing marginal levels of trust in gpg correctly isn't hard? (I mean I could argue that choosing never trust anyone is correct and easy, but...)

@ajtowns It's very easy to do a better job than the alternative - the CA system - with GPGs trust database and some thought. Hell, just the fact that it's _not_ a common and standardized way of doing things is by itself a huge improvement for expert usage, because targeting an attack is hard and it'll have a low payoff usually.

Not to mention, the obvious thing to do ends up combining both: downloading a .sig file from an https connection.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!