[108011] in North American Network Operators' Group
Re: hat tip to .gov hostmasters
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Sep 22 12:29:11 2008
Date: Mon, 22 Sep 2008 16:27:25 +0000
From: bmanning@vacation.karoshi.com
To: Keith Medcalf <kmedcalf@dessus.com>
In-Reply-To: <138baa54d7b92040b7ee92498a413f86@mail.dessus.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Sep 22, 2008 at 12:14:53PM -0400, Keith Medcalf wrote:
>
> > > If I cannot authenticate the data myself, then it is simply
> > untrusted and untrustworthy -- exactly the same as it is now.
>
> > so I guess PGP web of trust is right out, then?
>
[elided]
>
> If there is a piece of data X signed with a cryptographically generated signature, and *I* verify that indeed the signature is valid, then the signature is valid -- that is, I can say with 100% absolute certainty that specific bit of keying material was used to generate a signature on something and that I have another bit of keying material which validates that signature. I am assured with very high certainty that THE DATA WAS SIGNED BY THE POSSESSOR OF THE SECRET KEYING MATERIAL.
>
> Nothing more can be determined from the signature.
>
let me understand this ... your use of the pronoun "I" in these contexts
is in reference to your corporal being i.e. meatspace and not a software
application running on some computer.
--bill
