On Fri, Jul 30, 1999 at 01:29:35AM -0500, Manoj Srivastava wrote: > This is quite confused. The fingerprint is of the public key > (or else how do you check it? No one should be giving anyone a look > at the private key at all). Thats exactly what I meant. > I think you are missing something. See, I meet John Smith. He > shows me photo-ID. He gives me fingerporint of his *public* key. I > download key from key server, and check the finger print. I check the > ID matches the photo ID's I saw. I sign just that ID. Now tell me > again, how short of forging two picture ID's, there is a flaw in > this. So we agree. You wouldn't sign the key without checking the fingerprint first. The idea being, if the fingerprint matches, then John Smith must have the matching private key (and not somebody else). (Of course, John Smith may deliberately give you the incorrect fingerprint, don't ask me why, but lets not get into that here.) Remember that there are two issues involved here: 1. Who has the private key (and can decrypt/sign mail)? 2. What is the name and E-Mail address of this person? When you sign John Smith's public key, you have to verify that the public key corresponds to both 1 and 2 above: 1. That the public key matches up with his private key. There is no need to do this by inspecting the private key. Most people would probably take John Smith's word for (as described above). If you are paranoid though, you could give John Smith a random message, securely, which he will sign and send back to you. Infact, I believe this is how ssh1 works with RSA authentication. This way, it is impossible for somebody to lie and say they have the private key, when they really don't, which is very important for ssh, but maybe not such an issue for PGP. 2. Of course, you also have to identify his name and E-Mail address, to give other people an indication as to who has the private key. You then sign it so nobody else can tamper with it. -- Brian May <bam@snoopy.apana.org.au>
Attachment:
pgpUReOQmTmOW.pgp
Description: PGP signature