Fwd: [tech] Signing builds

John Cowan cowan at ccil.org
Fri Jan 15 19:57:12 GMT 2021

On 15-Jan-2021 01:59, Mansfield wrote:

> (I'm also not sure how the certificate will verify I'm trustworthy when
> not so certain I want any personally identifiable information to be shared
> with whoever will be running me through whatever process

The whole point of a cert is to prove your identity to someone who will do
something for you (or allow you to do something to them) based on it.
Consider these real-life examples.

I go to my pharmacy to pick up my prescription medicines.  The meds are
only for me, so only I can pick them up.

Case 0: personal knowledge

Me: Hi there.  Can you give my meds please?

Clerk: Oh, hello, Mr. Cowan.  Nice to see you again.  Here you go.

Case 1: self-signed cert

Me: Hi there.  I'm John Cowan, and I want to pick up my medicines.

Clerk (who doesn't know me):  Can I see some identification, please?

I hand over a piece of paper.

Clerk: Umm, this says you are John Cowan, all right, but it's only signed
by you.  This doesn't prove a thing.  ...Next customer, please?

Case 2: anonymous cert

As in Case 1 until the clerk looks at the letter.

Clerk: This says "The bearer of this document is known to me as 'Joe
Nameless'.  Signed A. Nonny Mouse, Chief Identifier, Fly-by-night
Corporation."  I'm sorry, this doesn't help: the name on this paper doesn't
match your name.

Me:  Well, of course not!  I wasn't going to give Fly-by-night my
personally identifying information!

Clerk:  Sorry ... next customer, please?

Case 3: CA-based cert

Same as Cases 1 and 2 until the clerk looks at the letter (actually a card
this time).

Clerk:  Okay, this says that the State of New York, which we trust, has
verified your identity as John Cowan.  Hello, Mr. Cowan.  Here you go.

John Cowan          http://vrici.lojban.org/~cowan        cowan at ccil.org
The man that wanders far from the walking tree
        --first line of a non-existent poem by me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210115/d66a9a3c/attachment.htm>

More information about the Gemini mailing list