[lrvick]

> PGP's "self-sovereignty" comes from mutually agreeing with groups of people who already know each other to exchange files establishing identities.

Or between total strangers that met in person at a key signing party and agreed "you look like a human and not a bot to me".

We need human identity to be certified by humans using very long lived standard PKI primitives. Anything else, bots can easily monopolize to the point of being useless.

Rather than debate this here though yet again, I am working on a blog post which includes a lot of quotes, including one from you, to make a case for why PGP is still the best and most widely used and useful proof-of-human and self-sovereign PKI solution that exists, and why we should double down on it.

That comment thread is sure to be interesting.

[tptacek]

That's fine! It's perfectly reasonable to say "this isn't a problem worth solving". But you can't then say something else actually solves the problem by punting on it. Be clearer about what you're saying, instead of invoking the specter of "security influencers".

[lrvick]

I am not saying it is not a problem worth solving. I am actually saying PGP actually solves the problem of which key actually belongs to which person.

There are dozens of keys claiming to be Torvalds that lack credible endorsements from high reputation identities, so those are easily ignored. The one that has been signing the Linux kernel for years and signed by many people putting their reputations on the line is the one we care about.

It is intuitive and does not need a math degree to understand.

[tptacek]

Like I said: this is to cryptographic identity what the one-time pad is to message encryption. Simple and unuseful.

[lrvick]

It is unuseful to people with threat models that allow for entrusting their social graph to centralized identity systems managed by centrally controlled software supply chains that any compromised insider could manipulate.

For me and thousands of other Linux distro maintainers that maintain the core software supply chains and infrastructure that runs the internet, we cannot afford centralized trust graphs. Nothing else comes close to solving the problems PGP solves.

That is why it is an active IETF standard with modern cryptography and several actively maintained and widely used implementations.

[akerl_]

Why do I trust the people who are putting their reputations on the line? If they either screwed up or are malicious, I guess I'm just out of luck?

[lrvick]

If you can manipulate dozens of Linux maintainers to sign a key maliciously, we have bigger problems. Like a complete failure of the internet.

Decentralized human trust, or centralized corporate trust. Pick one.

[akerl_]

Again, this works when your userbase is a small group of highly technical people who already have social connections to each other. But then again, so would just swapping Signal security numbers.

It completely and totally collapses in the face of non-technical users or broad adoption, which is one of multiple reasons that PGP remains a thing that a small set of people use.

[tptacek]

Just to be pedantic about this: it does not in fact work; PGP has failed those kinds of user groups and platforms over and over again over the last 3 decades.

[akerl_]

If the measure here is "I met this person at an event and they were a human", and the protocol becomes actually important for proving personhood, what is the measure that stops somebody from turning up to a bunch of events and getting "human" keys signed to then repurpose for bots?

[lrvick]

Because this is too expensive to scale, and people talk in small circles about who has signed who. Good luck inventing thousands of fake identities with a long trust history and reputation with this approach.

Botmasters like situations where they can hide offline and buy bots blue checkmarks with stolen credit cards.

[akerl_]

This is a fun kind of paradox. Right now it wouldn't scale well because signing parties are a niche nerd activity and having your identities signed by other GPG users doesn't really help with anything you'd want to do with a bot.

But if you were to actually succeed in making key signing parties a more common thing that people used to test for human-ness, and that test was tied to meaningful things online, it would both become easier to fake and more valuable to fake.

[lrvick]

When you sign a key you pick a trust level. If no one reputable has ever trusted a persons key with a higher level than "human", then that key should be subject to significantly higher scrutiny.

If you look at my key, you will find it is heavily connected to the keys that sign most linux distributions, bitcoin, and commits to the Linux kernel today.

If those 5444 linked identities that long pre-date AI are colluded to create a fake me and fake people that signed people who signed me over the last 25 years, and got those fake fingerprints in the keychains of every distro and got matching fingerprints on thousands of privately owned sites, we indeed have serious problems.

[akerl_]

Yes, that would be the conundrum I was describing. If your plan were to work, the idea of a signer being "reputable" would be watered down into nothing.

[lrvick]

Well, it is working as intended, right now, and the binaries running on the servers we are communicating with right now were likely signed and validated with Linux maintainer PGP keys because it is the only standard and decentralized option.

PGP does not need mass adoption to function, but with solutions like keyoxide offering a more accessible trust onramp, it is there for anyone that wants to self certify and take control of their own identity today, and get signed by trusted community members tomorrow at a conference.