[Enigmail] New to Enigmail and having a question about the validity of signatures

Robert J. Hansen rjh at sixdemonbag.org
Fri Mar 14 09:30:47 PDT 2008 

Robert J. Hansen wrote:
> Part 1: Basic Trust Skills (Short Answer)

What follows are my answers.  Other people may answer differently, 
depending on their own trust model.

> Search for keya 0xFEAF8109, 0x5B0358A2 and 0xCCEC227B.  Answer these
> four questions for each key.

The first is mine; the second is Werner Koch's; the third is Patrick's 
(revoked) key.

> 	1.  Should you sign this key and make it valid?

Unless you have personal and direct knowledge of Werner or myself, and 
have verified that the key truly belongs to the person it claims, and 
verified that the key is correct, you should not.

You should not sign Patrick's revoked key.

> 	2.  Stipulate the key belongs to the person it claims, and that
> 	    the key is correct.  Should you now sign it?

Given these stipulations, you should not sign my key unless you believe 
you know me well enough to trust me.

Given these stipulations, you _should_ sign Werner's key.  You obviously 
trust him.  If you don't trust him, then why are you running a program 
he wrote?  Your actions give testimony to the fact you trust him--so if 
you've confirmed the key really belongs to Werner and it's correct, then 
you've met all three requirements, and should sign it.

Given these stipulations, you should not sign Patrick's revoked key.  If 
you've confirmed the key really belongs to Patrick, that the key is 
correct, and that you trust Patrick... why would you ignore Patrick's 
revocation?

> 	3.  Do you trust the person named in the key?

Maybe, yes, and yes.  If you run Enigmail, then you trust Patrick.  If 
you don't trust Patrick, don't run Enigmail.

> 	4.  Should the answers to #2 and #3 have been the same?

Curiously, no!  Patrick's key may be correct, it may really belong to 
Patrick, and you may trust Patrick... but you would still choose not to 
sign his key, because Patrick has revoked it.

> 	1.  Do digital signatures create a trust relationship, or do
> 	    they only reflect an already-existing trust relationship?

Digital signatures reflect an existing trust relationship.  They do not 
create trust.

> 	2.  Do digital signatures serve any purpose in the absence of
> 	    an already-existing trust relationship?

No.

> 	3.  Should you know all the root authorities your operating
> 	    system trusts?

Not necessarily.  If you trust your operating system vendor to serve as 
a trusted introducer, then you don't need to know every single root 
authority your OS considers to be trustworthy.

> 	4.  Why do you trust your OS vendor to decide which root
> 	    authorities are trustworthy?

This question has no answer.  Trust is a deeply personal question and 
one I can't answer for anyone else.  However, hopefully it'll get you to 
ask yourself the very important question, "... so why /do/ I trust my 
vendor to be an introducer, anyway?"

More information about the Enigmail mailing list