One thing that worries me about GPG's trust model is that marginal trust doesn't actually stack very well. If three of my friends go to a key signing party, and each check some guy's ID to his face, I'm not really that much more confident that it wasn't a fake ID. The same holds, albeit weaker, over more spread out interactions... Only signing keys when I've known the person interacting in public under that identity for a protracted time seems a solution, but dramatically limits the growth of the network.
There's a well-known problem with manufacturing inspection called "the two inspector problem".
Ann inspects units, then hands them on to Bob who performs a final inspection. Ann is falling behind, so she gives the units a quick, short, less thorough inspection. She knows that Bob will catch the problem. Bob gets a sudden extra load of units, so he too gives them a less rigorous inspection. Bob knows that Ann has previously inspected them. It happens surprisingly often, although not quite in that form.
There's a whole bunch of research showing what a group of people do when estimating numbers - they tend to clump around what the first person says.
I suspect three people checking an ID would be subject to both of these problems.
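An added toy model (my own illustration for the two posts above, not code from GnuPG or from either poster) that puts these two effects next to GnuPG's real default of marginals-needed=3. The per-signer miss probability, the common-mode forgery rate and the relaxation factor are all assumed numbers.

```python
"""Toy model of how much confidence stacks across N marginal signers.

Added illustration for the thread above, not code from GnuPG. GnuPG's
default trust parameters (completes-needed=1, marginals-needed=3) are real;
every probability below is an assumed number, not a measurement.
"""

COMPLETES_NEEDED = 1   # GnuPG default
MARGINALS_NEEDED = 3   # GnuPG default

def key_valid(signer_trust, completes_needed=COMPLETES_NEEDED,
              marginals_needed=MARGINALS_NEEDED):
    """GnuPG-style validity: enough fully or marginally trusted signers."""
    full = sum(1 for t in signer_trust if t == "full")
    marginal = sum(1 for t in signer_trust if t == "marginal")
    return full >= completes_needed or marginal >= marginals_needed

def p_fake_passes_independent(n_signers, p_miss):
    """Each signer independently fails to spot a fake ID with prob p_miss."""
    return p_miss ** n_signers

def p_fake_passes_correlated(n_signers, p_miss, p_common, relax):
    """Same, with the two correlated effects from the thread:
    p_common: a forgery good enough that any face-to-ID check misses it
    (a shared failure mode, like everyone anchoring on the first verdict);
    relax: each later signer checks less carefully because earlier ones
    already did (two-inspector problem), scaling p_miss by relax**k."""
    p_all_miss = 1.0
    for k in range(n_signers):
        p_all_miss *= min(1.0, p_miss * relax ** k)
    return p_common + (1.0 - p_common) * p_all_miss

def signers_needed(target, p_miss, p_common=0.0, relax=1.0, max_n=50):
    """Smallest N whose fake-pass risk is <= target, or None if no N up to
    max_n reaches it: p_common is a floor no number of signers removes."""
    for n in range(1, max_n + 1):
        if p_fake_passes_correlated(n, p_miss, p_common, relax) <= target:
            return n
    return None

if __name__ == "__main__":
    print("3 marginal sigs valid:", key_valid(["marginal"] * 3))
    print("independent, 3 signers:", p_fake_passes_independent(3, 0.2))
    print("correlated, 3 signers:", p_fake_passes_correlated(3, 0.2, 0.05, 1.5))
    print("N for <=1% risk:", signers_needed(0.01, 0.2),
          signers_needed(0.01, 0.2, 0.05, 1.5))
```

With the assumed numbers, three independent checkers get the fake-ID risk below 1%, while the correlated model never does: the common-mode term is a floor that extra marginal signatures cannot lower.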
You can cryptographically verify any biometric passport (all Visa Waiver Program countries have them) and most European ID cards with any NFC-capable Android smartphone. They include the holder's name and picture and are signed by the government-controlled CA for that country's identity documents.
Hm, the only thing this app would do for me was optically scan the machine-readable print on the back on my ID-card. Didn't seem to want to do anything with the NFC-chip in it.
I am not sure, but I think that an implicit goal of keysigning is to: one, get any chain at all between two people for the more common case of no chain compared to the rarer case of active malice; and two, if enough people do it the graph should reveal impostors or at least a discrepancy that can be investigated. Someone may not realize there's a fake key out there with their name on it until a bunch of people start signing each other's keys and uploading the wad of signatures to keyservers.
Very problematic is the potential for signer spam. Imagine people who blindly sign keys only to appear listed when somebody looks up somebody well-known. Imagine ads in PGP keys.
Interesting. Potentially problematic, but it should be something we can deal with. Requiring acceptance of a signature for it to be posted seems like it does the job.