Fwd: [tech] Signing builds
cowan at ccil.org
Fri Jan 15 19:57:12 GMT 2021
On 15-Jan-2021 01:59, Mansfield wrote:
> (I'm also not sure how the certificate will verify I'm trustworthy when
> not so certain I want any personally identifiable information to be shared
> with whoever will be running me through whatever process
The whole point of a cert is to prove your identity to someone who will do
something for you (or allow you to do something to them) based on it.
Consider these real-life examples.
I go to my pharmacy to pick up my prescription medicines. The meds are
only for me, so only I can pick them up.
Case 0: personal knowledge
Me: Hi there. Can you give my meds please?
Clerk: Oh, hello, Mr. Cowan. Nice to see you again. Here you go.
Case 1: self-signed cert
Me: Hi there. I'm John Cowan, and I want to pick up my medicines.
Clerk (who doesn't know me): Can I see some identification, please?
I hand over a piece of paper.
Clerk: Umm, this says you are John Cowan, all right, but it's only signed
by you. This doesn't prove a thing. ...Next customer, please?
Case 2: anonymous cert
As in Case 1 until the clerk looks at the letter.
Clerk: This says "The bearer of this document is known to me as 'Joe
Nameless'. Signed A. Nonny Mouse, Chief Identifier, Fly-by-night
Corporation." I'm sorry, this doesn't help: the name on this paper doesn't
match your name.
Me: Well, of course not! I wasn't going to give Fly-by-night my
personally identifying information!
Clerk: Sorry ... next customer, please?
Case 3: CA-based cert
Same as Cases 1 and 2 until the clerk looks at the letter (actually a card
Clerk: Okay, this says that the State of New York, which we trust, has
verified your identity as John Cowan. Hello, Mr. Cowan. Here you go.
John Cowan http://vrici.lojban.org/~cowan cowan at ccil.org
The man that wanders far from the walking tree
--first line of a non-existent poem by me
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gemini