Fwd: [tech] Signing builds

John Cowan cowan at ccil.org
Fri Jan 15 19:57:12 GMT 2021

Previous message (by thread): [tech] Signing builds
Next message (by thread): [tech] Signing builds
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15-Jan-2021 01:59, Mansfield wrote:

> (I'm also not sure how the certificate will verify I'm trustworthy when
I'm
> not so certain I want any personally identifiable information to be shared
> with whoever will be running me through whatever process

The whole point of a cert is to prove your identity to someone who will do
something for you (or allow you to do something to them) based on it.
Consider these real-life examples.

I go to my pharmacy to pick up my prescription medicines. The meds are
only for me, so only I can pick them up.

Case 0: personal knowledge

Me: Hi there. Can you give my meds please?

Clerk: Oh, hello, Mr. Cowan. Nice to see you again. Here you go.

Case 1: self-signed cert

Me: Hi there. I'm John Cowan, and I want to pick up my medicines.

Clerk (who doesn't know me): Can I see some identification, please?

I hand over a piece of paper.

Clerk: Umm, this says you are John Cowan, all right, but it's only signed
by you. This doesn't prove a thing. ...Next customer, please?

Case 2: anonymous cert

As in Case 1 until the clerk looks at the letter.

Clerk: This says "The bearer of this document is known to me as 'Joe
Nameless'. Signed A. Nonny Mouse, Chief Identifier, Fly-by-night
Corporation." I'm sorry, this doesn't help: the name on this paper doesn't
match your name.

Me: Well, of course not! I wasn't going to give Fly-by-night my
personally identifying information!

Clerk: Sorry ... next customer, please?

Case 3: CA-based cert

Same as Cases 1 and 2 until the clerk looks at the letter (actually a card
this time).

Clerk: Okay, this says that the State of New York, which we trust, has
verified your identity as John Cowan. Hello, Mr. Cowan. Here you go.

John Cowan http://vrici.lojban.org/~cowan cowan at ccil.org
The man that wanders far from the walking tree
--first line of a non-existent poem by me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210115/d66a9a3c/attachment.htm>

Previous message (by thread): [tech] Signing builds
Next message (by thread): [tech] Signing builds
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list