Discussion:
[Enigmail] Set Owner Trust missing from menu
Patrick Chkoreff
2018-09-07 22:34:59 UTC
It still begs the question of why I can't Set Owner Trust on a newly
imported key.
I fiddled around some more. This time I SIGNED the key, telling a lie
by saying that I had checked it very carefully. Then when I
right-clicked on the key the "Set Owner Trust" option appeared under
"Sign Key" where it usually appears for all other keys in my key ring.

I'll probably try deleting the key and importing it again to see if I
can establish a well-worn groove of behavior for newly imported keys.


-- Patrick Chkoreff
Patrick Brunschwig
2018-09-08 08:19:54 UTC
Post by Patrick Chkoreff
It still begs the question of why I can't Set Owner Trust on a newly
imported key.
I fiddled around some more. This time I SIGNED the key, telling a lie
by saying that I had checked it very carefully. Then when I
right-clicked on the key the "Set Owner Trust" option appeared under
"Sign Key" where it usually appears for all other keys in my key ring.
That's right. Enigmail no longer allows setting owner trust on unsigned
keys. You need to understand the concepts:

* Key Signing: How well do you know the owner of the key
* Owner trust: How well do you rely on keys signed by a person (i.e.
Alice signs Bob's key; how much do you trust that Alice did correctly
verify Bob's identity).

If you don't want to trust all keys automatically, you need to sign
them. Setting the owner trust to "ultimate" is the wrong thing.
Conceptually you can't set the owner trust of a key if you didn't check
the owner's identity.

-Patrick
Patrick Chkoreff
2018-09-08 14:30:42 UTC
Post by Patrick Brunschwig
If you don't want to trust all keys automatically, you need to sign
them. Setting the owner trust to "ultimate" is the wrong thing.
Conceptually you can't set the owner trust of a key if you didn't check
the owner's identity.
The strange thing is that when I *first* imported the key, I noticed
that all I could do was sign it. So I thought OK I'll sign it, but I
won't lie to the software and say that I had checked it thoroughly.
Perhaps that's why it wouldn't let me encrypt to the key even after I
had signed it.

Weird thing though, even after I reimported the key, signed it with a
lie saying I had checked thoroughly, I STILL was unable to encrypt to
it. But that's when I saw the old familiar "Set Owner Trust" option so
I just used that to trust it ultimately and then I could encrypt just fine.

Just to ensure that I'm not getting the details wrong, I'm going to
delete the key and go through the process again and report back.


--
Patrick Chkoreff
Patrick Chkoreff
2018-09-08 14:50:29 UTC
OK here are the results of my experiment, my quick notes in a text file:

~~~~
delete key from key management

just in case, restart Thunderbird

go back to the original email with the key attached

right-click on the key and choose "Import PGP Key"

Immediately attempt to reply to the sender with encryption

Enigmail brings up key selection dialog, with the new key shown in italics

Try to choose the new key anyway and press Send

Enigmail says "Sending of the message failed"

Now go into key management to sign the new key so I can encrypt to it


When I right-click on the key, I DO see "Sign Key" and DO NOT see "Set
Owner Trust" (as expected).

When signing, choose "I have not checked at all," which is the truth.
After all, this is a complete stranger on the other side of the planet
and I'm not going to fly out to meet him. (I view this signing step very
much like ssh's "trust on first use" anyway. I don't care that this new
stranger really "is" William Shakespeare, just that every time I get a
message from him I know it's the *same* William Shakespeare as the day
before. I'll establish reputation as the relationship progresses, and
have nothing to lose on first contact.)


After signing, once again attempt to reply to the sender with encryption.

Brings up key selection dialog again: same result, sending the message
ultimately fails.


My next thought is, maybe Enigmail won't let me encrypt to that key
because I confessed that I did not check William's identity at all (lazy
me). So this time, I delete the key, re-import it, and lie to the
software that I have very carefully vetted the "identity" of this new
stranger on the other side of the planet.

After signing that key in my own blood, immediately attempt to reply to
the sender with encryption.

SUCCESS! My clever lie worked, and no key selection dialog came up. It
went straight through to the new stranger.


So that's the answer: if I want to encrypt to a newly imported key, I
must first sign it and attest that I have checked it very thoroughly.
Doing a "Set Owner Trust" is unnecessary.


The other answer is to just choose "Use any usable key", but that seems
even more promiscuous and haphazardous than just signing each new key
with a white lie.
~~~~
Post by Patrick Brunschwig
That's right. Enigmail does no more allow to set owner trust to not
* Key Signing: How well do you know the owner of the key
* Owner trust: How well do you rely on keys signed by a person (i.e.
Alice signs Bob's key; how much do you trust that Alice did correctly
verify Bob's identity).
If you don't want to trust all keys automatically, you need to sign
them. Setting the owner trust to "ultimate" is the wrong thing.
Conceptually you can't set the owner trust of a key if you didn't check
the owner's identity.
OK so when I signed "William's" key, I was affirming that I knew the
owner of the key (William) very well.

If I later set the owner trust to "ultimate," I would be saying that I
trust OTHER keys which are signed BY William.

Did I get that right?


--
Patrick Chkoreff
Patrick Brunschwig
2018-09-08 15:00:20 UTC
Post by Patrick Chkoreff
~~~~
delete key from key management
just in case, restart Thunderbird
go back to the original email with the key attached
right-click on the key and choose "Import PGP Key"
Immediately attempt to reply to the sender with encryption
Enigmail brings up key selection dialog, with the new key shown in italics
Try to choose the new key anyway and press Send
Enigmail says "Sending of the message failed"
Now go into key management to sign the new key so I can encrypt to it
When I right-click on the key, I DO see "Sign Key" and DO NOT see "Set
Owner Trust" (as expected).
When signing, choose "I have not checked at all," which is the truth.
After all, this is a complete stranger on the other side of the planet
and I'm not going to fly out to meet him. (I view this signing step very
much like ssh's "trust on first use" anyway. I don't care that this new
stranger really "is" William Shakespeare, just that every time I get a
message from him I know it's the *same* William Shakespeare as the day
before. I'll establish reputation as the relationship progresses, and
have nothing to lose on first contact.)
After signing, once again attempt to reply to the sender with encryption.
Brings up key selection dialog again: same result, sending the message
ultimately fails.
My next thought is, maybe Enigmail won't let me encrypt to that key
because I confessed that I did not check William's identity at all (lazy
me). So this time, I delete the key, re-import it, and lie to the
software that I have very carefully vetted the "identity" of this new
stranger on the other side of the planet.
After signing that key in my own blood, immediately attempt to reply to
the sender with encryption.
SUCCESS! My clever lie worked, and no key selection dialog came up. It
went straight through to the new stranger.
So that's the answer: if I want to encrypt to a newly imported key, I
must first sign it and attest that I have checked it very thoroughly.
Doing a "Set Owner Trust" is unnecessary.
The other answer is to just choose "Use any usable key", but that seems
even more promiscuous and haphazardous than just signing each new key
with a white lie.
You need to understand how the implementation of the Web of Trust works
in GnuPG. This is nothing to blame on Enigmail. Read here to understand
the web of trust: https://wiki.gnupg.org/WebOfTrust


-Patrick
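The two concepts argued over in this thread (a certification made with "Sign Key" versus the owner trust set with "Set Owner Trust") can be made concrete by computing key validity the way GnuPG's classic trust model does. The model below is an added example written for this thread; it is not code from Enigmail or GnuPG. It follows the rules and defaults documented for gpg's classic trust model (completes-needed 1, marginals-needed 3, max-cert-depth 5, and min-cert-level 2, under which level-1 "I have not checked at all" certifications are disregarded while level-0 "no particular claim" ones always count), and it ignores expiry and revocation. The key ids "patrick", "william" and "alice" and the certifications between them are constructed sample data that replay the experiment in the thread: signing William's key changes William's validity, while owner trust on William only changes the validity of keys William has certified.

```python
"""Model of GnuPG's classic Web-of-Trust validity computation.

Added example for this thread; it is not code from Enigmail or GnuPG.
It follows the rules documented for gpg's classic trust model and its
defaults: completes-needed 1, marginals-needed 3, max-cert-depth 5 and
min-cert-level 2 (level-1 "not checked" certifications are disregarded,
level 0 "no particular claim" is always counted).  Key ids and the
certifications below are constructed sample data.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Owner trust: how far I rely on a key's owner to certify OTHER keys.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = (
    "unknown", "never", "marginal", "full", "ultimate")

# Certification levels as carried in the signature (0x10..0x13).
NO_CLAIM, PERSONA, CASUAL, CAREFUL = 0, 1, 2, 3


@dataclass(frozen=True)
class Certification:
    signer: str   # key id of the certifying key
    level: int    # NO_CLAIM, PERSONA ("not checked at all"), CASUAL, CAREFUL


@dataclass
class KeyRing:
    ownertrust: dict[str, str] = field(default_factory=dict)
    certs: dict[str, list[Certification]] = field(default_factory=dict)

    def add_key(self, keyid: str, ownertrust: str = UNKNOWN) -> None:
        self.ownertrust[keyid] = ownertrust
        self.certs.setdefault(keyid, [])

    def sign(self, signer: str, subject: str, level: int) -> None:
        """Certify `subject` with the key `signer` ("Sign Key" in Enigmail)."""
        self.certs[subject].append(Certification(signer, level))

    def set_ownertrust(self, keyid: str, level: str) -> None:
        """'Set Owner Trust': affects keys certified BY keyid, not keyid itself."""
        self.ownertrust[keyid] = level

    def validity(self, completes_needed: int = 1, marginals_needed: int = 3,
                 max_cert_depth: int = 5, min_cert_level: int = 2) -> dict[str, str]:
        """Return each key's validity: ultimate, full, marginal or unknown."""
        result = {k: (ULTIMATE if t == ULTIMATE else UNKNOWN)
                  for k, t in self.ownertrust.items()}
        for _depth in range(max_cert_depth):
            # Only fully valid keys can act as trust roots for other keys.
            roots = {k for k, v in result.items() if v in (ULTIMATE, FULL)}
            changed = False
            for keyid, certs in self.certs.items():
                if result[keyid] in (ULTIMATE, FULL):
                    continue
                completes = marginals = 0
                seen_signers: set[str] = set()
                for c in certs:
                    if c.signer == keyid or c.signer not in roots:
                        continue                      # self-sig or invalid signer
                    if c.level != NO_CLAIM and c.level < min_cert_level:
                        continue                      # "not checked" is ignored
                    if c.signer in seen_signers:
                        continue                      # one vote per signer
                    seen_signers.add(c.signer)
                    t = self.ownertrust.get(c.signer, UNKNOWN)
                    if t in (FULL, ULTIMATE):
                        completes += 1
                    elif t == MARGINAL:
                        marginals += 1
                if completes >= completes_needed or marginals >= marginals_needed:
                    new = FULL
                elif completes or marginals:
                    new = MARGINAL
                else:
                    new = UNKNOWN
                if new != result[keyid]:
                    result[keyid], changed = new, True
            if not changed:
                break
        return result


def thread_scenario() -> tuple[str, ...]:
    """Replay the thread's steps; return William's and Alice's validity at each."""
    kr = KeyRing()
    kr.add_key("patrick", ULTIMATE)          # my own key
    kr.add_key("william")                    # the freshly imported stranger's key
    kr.add_key("alice")                      # constructed: a key William certified
    kr.sign("william", "alice", CAREFUL)
    v0 = kr.validity()["william"]            # nobody I trust has certified it
    kr.sign("patrick", "william", PERSONA)   # "I have not checked at all"
    v1 = kr.validity()["william"]            # disregarded under min-cert-level 2
    kr.sign("patrick", "william", CAREFUL)   # "I have checked very carefully"
    v2 = kr.validity()["william"]            # now fully valid, so usable to encrypt
    a2 = kr.validity()["alice"]              # William's owner trust is still unknown
    kr.set_ownertrust("william", FULL)       # "Set Owner Trust" on William
    a3 = kr.validity()["alice"]              # William's certifications now count
    return v0, v1, v2, a2, a3


if __name__ == "__main__":
    print(thread_scenario())   # ('unknown', 'unknown', 'full', 'unknown', 'full')
```

Run as a script, it prints the five validity values in the order of the thread's experiment. The sequence shows why a persona-level ("not checked at all") signature left the key unusable while a careful-level one did not, and why "Set Owner Trust" on William was never needed for encrypting to William: owner trust is consulted only when William's key is used as a root for validating further keys such as Alice's.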
Patrick Chkoreff
2018-09-10 12:03:27 UTC
Post by Patrick Brunschwig
You need to understand how the implementation of the Web of Trust works
in GnuPG. This is nothing to blame on Enigmail. Read here to understand
the web of trust: https://wiki.gnupg.org/WebOfTrust
I understand the web of trust, but thank you for the excellent reference.

There is nothing in my post which blames Enigmail for anything, nor was
there any whinging involved. All I did was identify a simple procedural
fact: In order to encrypt to a particular key, I must first sign that
key, affirming that I have checked its identity very carefully.

The entire question of what it means to check the identity of a key is
beyond the scope of Enigmail/GPG, and at no time did I blame Enigmail
for posing that challenge to me.

In my particular case, I received a key from a complete stranger who I
will never meet and whose key is not signed by anyone I trust. I don't
view that as a problem at all. I simply sign the key and affirm that I
have checked its identity. All that means is that whenever I correspond
with that individual, I can be sure it is the SAME individual who
originally sent me the key. That's all I actually care about, and is
why I brought up the analogy with ssh's "trust on first use." I could
bootstrap an entire working relationship with this individual lasting
years based only on that initial event.

Again, my post was in no way a complaint. It was simply a process of
discovery. Yes there were a few snarks such as "white lie," but
honestly I have no complaint about the way Enigmail/GPG works.


-- Patrick
