@orionwl wonder if this would be a good time to try bip322 sigs for releases?
@ajtowns @orionwl Web-of-trust works for it's intended audience: people who are taking the time to actually verify something rather than just relying on their web browsers.
Re: multisig, just sticking a few different signatures on releases manually is fine. Anyone verifying this stuff to that level is verifying it manually anyway. And PGP *does* allow for multiple signatures on one file, even in things like git commits.
@pete @orionwl manually verifying things doesn't scale, that's why apt and the like verify signatures automatically. You have to trust/verify you got the initial installation right and haven't been compromised since, but automation makes staying up to date easier. Automating gpg is pretty painful, and we have or own signing tools that we have to maintain anyway. but *shrug* - I've done the adding gpg stuff with apt already, don't need to climb that mountain again.
@ajtowns @orionwl ...apt uses PGP behind the scenes...
Anyway, "doesn't scale" is irrelevant. The actual use-case of PGP is for the experts to verify that high value use-cases are correct. Including that the automated systems are correct.
Don't get fooled by propaganda from academic cryptographers who have every reason to shit on an inherently fuzzy, human, problem that their math credentials can't solve.
@ajtowns @orionwl Believe me, I'd love to replace OpenPGP with a standard with sane serialization, ditches old crypto, etc.
But if I were to do that, I'd actually make a _replacement_. That means thinking about how to get to the same place re: WoT and key distribution. And that's a _much_ harder problem to solve than the crypto itself.
@pete @orionwl what do you think is valuable about the wot? Turning an identity (name, email, etc) into a downloadable key, subkeys/revocations/expiry, having a decentralised structure rather than a CA? The automatic trust stuff was always a failure imo. Having all the info be public also seems a bit fail-ish (also webs should be in the shadows just on principle)
@ajtowns @orionwl What "automatic trust stuff" specifically? You mean GPG's trust db?
How do you propose to allow third parties to verify anything without WoT data being public?
Conversely, why do you think the fact that someone like myself - a very well known figure - might think, say, the Qubes signing key is real needs to be kept private?
@ajtowns @orionwl Re: the value of WoT, it's obvious: having something other than certificate authorities.
You see this _immediaty_ if you ever try to work out the procedures for securely doing something of high value: you just have to have some other way of verifying signatures, because CAs are worse than a central point of failure. They're literally hundreds of points of failure.
@pete the strong set is 55k single points of failure for pgp's automatic trust calculations. Or there's zero middlemen if you're directly checking fingerprints and doing kyc in person. Or there's stuff in between. Which are you talking about? It's not obvious to me.
@pete Having everything public means you can identify who went to every keysigning party. Why would that be desirable any more than having every coffee purchase on the blockchain? Doesn't mean every attestation should be private either though.
@ajtowns ...and remember, you absolutely can change how GPG works re: marginal trust and the like. You get to decide how you want to verify keys. It's not hard.
@pete I wish we were having this conversation irl because it's hard to get my level of skepticism across without exaggerated facial expressions. Changing marginal levels of trust in gpg correctly isn't hard? (I mean I could argue that choosing never trust anyone is correct and easy, but...)
@ajtowns It's very easy to do a better job than the alternative - the CA system - with GPGs trust database and some thought. Hell, just the fact that it's _not_ a common and standardized way of doing things is by itself a huge improvement for expert usage, because targeting an attack is hard and it'll have a low payoff usually.
Not to mention, the obvious thing to do ends up combining both: downloading a .sig file from an https connection.
@ajtowns "@pete the strong set is 55k single points of failure for pgp's automatic trust calculations."
Huh? That's not how GPG works. You don't just blindly trust multiple levels deep.
"Or there's zero middlemen if you're directly checking fingerprints and doing kyc in person."
...which is _incredibly_ limiting. Even someone like me who has gone to countless conferences doesn't have a direct links with tons of people. But after one or two steps, it's not so hard.