
How can PKI/CA ensure that a public key belongs to someone?

@Acer You can't. The idea of having PKI infrastructure wasn't meant to confirm your identity.
Instead, it was built as a "web of trust" where people can vouch if it's really your key.

@deesapoetra

If PKI can't vouch for it, how can people vouch for it via PKI?

@Acer Well, here's a good way to look at it.
I publish my public key. And I mention it on social media, for example.
People would vouch for my key that way.

Or... I can build an internal web of trust where we are actually friends with each other in real life and would vouch for each other's keys.

@deesapoetra

PKI should connect to a root central authority.
If you just exchange public keys with friends, you don't need a PKI.

@Acer Yep. Unless you want someone to vouch for it.
Some PKIs, like the Ubuntu keyserver, provide a comments section, if I'm not mistaken.

@Acer Wait, is it a comment section or just a section where there's a list of people whk signed your key? I forgot. I never upload my key to a keyserver.

@deesapoetra

What is whk?
Is it "Who"?
How can the list vouch for keys?

@Acer I can vouch for your key by signing it if you want. But that defeats the purpose, doesn't it?
The key (not literally "key" as in "public key", but "the main idea" in a system) is the "web of trust".

@deesapoetra

Actually, I'm not familiar with the concept of the web of trust (WOT).
I only know some darknet services have extensions of it.
When did they introduce WOT in the public key system?

@Acer Since the very beginning of the public key invention.
It was meant to be used so people can vouch for each other. It's indeed problematic: "How can you trust the key?" or "How can you be sure it's not an undercover agent pushing him (the key owner) to ease the investigation?"
But I think you can always do something to make people vouch for your keys.

@deesapoetra

I still can't get WOT.

>How

If not, then just not.
Or WOT = faith?

@Acer WOT = faith.
Yep. Something like that, but instead of a one-way connection like faith is, it's a "web" where many people can get involved.

@deesapoetra

Hmm...

Vulnerabilities

Then gradually it can be a honeypot.
Live nodes in the web remain.
Who can live longer than the country / system that owns agencies and machines?

@Acer Yep. That's the drawback. Even public keys aren't that secure.
You can read the docs on how public keys are generated and how they became less and less secure as computer capabilities were buffed over time.

@Acer You might want to do some research on the "double encryption method", where you would use both asymmetric and symmetric encryption.
I'm sure StackExchange, SuperUser, and StackOverflow have already had this kind of conversation before.

@deesapoetra

I'll focus on symmetric and asymmetric encryption and digital signatures first and get rid of cryptographic topics.

@deesapoetra

Someone here = pki
Ubuntu keyserver = pki example
Comments section = vouch method example

The example means they have all kinds of means to vouch for keys, but no proof or authenticity and no standard one.

Right?

@Acer I should've written "PKI" instead of "PKI infrastructure", lol
