Comments

Jared • January 4, 2008 1:55 PM

Ok, I guess I'm missing something about the public key signing joke. Sorry. Can someone please take pity and explain why it's funny? Bob just signed Alice's key pair, and she is not trusted. Why's that bad?

Jeff Pettorino • January 4, 2008 2:07 PM

Because PGP is a 'web of trust' or 'reputation' based trust relationship. If Alice turns out to be a "bad girl" and Bob has vouched for her, his credibility is now suspect (or more suspect than it might have been.)

Keep in mind that these web of trust relationships are a marginal decision if a signature/key is to be "trusted" (well, in ALL key mgmt. relationships it's marginal trust, but with PKI that trust decision is typically forced on the user by the organization.) If you don't trust a key unless Charles has signed it, and he makes a bad decision, do you still trust keys he has signed, or do you revoke his 'authority' to validate keys for you?

So, by signing her key, he has potentially besmirched his own reputation. Yeah, most geek jokes don't stand up to plain analysis and retain ANY of the actual humor.

Jared • January 4, 2008 2:25 PM

Well, a PKI would have sign keys for all sorts of unsavory characters. What would Alice have to do for the decision to be sound? Or on the flip side, what could Alice potentially get away with if Bob isn't careful about declaring her pair to be trustworthy?

And no worries, I love geek jokes. I have a sheet of red paper on my wall that says "If this sign is blue you're going too fast". So far, in 6 years, only two office passersby have gotten it.

John Ridley • January 4, 2008 2:49 PM

As soon as I read that the other day, the first thing I thought of after laughing was "Bruce will be posting this soon."

MarcT • January 4, 2008 2:54 PM

Don't forget to check the alt-text (View Source on the page). It's often the best part of XKCD. For the first one:

"Never bring tequila to a key-signing party."

For the second:

"Viruses so far have been really disappointing on the 'disable the internet' front, and time is running out. When Linux/Mac win in a decade or so the game will be over."

marekj • January 4, 2008 4:38 PM

Jeff, your fine explanation provides one point of humor in the cartoon, while from a "geek emotional life" angle, what's funny is simply that while he rues having signed her public key, the more pedestrian scenario his pal asks about never even crosses his mind.

Then on another level, it's hilarious to realize how awfully esoteric it is, and that you can still get humorous mileage out of such, well, cryptic stuff.

Yes, explaining jokes does tend to kill them, but I think this particular one is a near masterpiece, as cartoons go.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.