[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keysigning without physically meeting ... thoughts?

On Sun, Jun 12, 2005 at 12:10:15AM -0700, Steve Langasek wrote:
> On Sun, Jun 12, 2005 at 07:49:51AM +0100, Andrew Suffield wrote:
> > On Sat, Jun 11, 2005 at 11:17:21PM -0700, Steve Langasek wrote:
> > > > What are we setting out to achieve?
> > > 
> > > - To verify that the person so identified controls a specific email address
> > What does 'control' mean here? Given this:
> > > Many people consider all of options a), b), and c) to be inappropriate, and
> > > will instead encrypt each of the uid signatures individually and mail them
> > > to the corresponding email address, to verify that you control each address.
> > I presume that you just mean 'is capable of receiving mail sent to the
> > address', but that is anybody at all with an internet connection and a
> > copy of woody, which contains all you need to capture other people's
> > mail. I'm not sure why you're bothering to verify that the person so
> > identified falls into this group.
> Yes, and might I say, your personal email is particularly juicy.

The only explanation I can come up with for that being 'juicy' is that
your wife has made you sleep outside again.

> Oh -- or did you mean to say anybody at all with an Internet connection, a
> copy of woody, and *access to one of the networks/hosts in the path of travel
> of the email*?

No. The path is easily redirected for short periods of time to a host
which you do have access to. There's a variety of methods for doing
this which are commonly used by the script kiddies and phishers, but
for obvious reasons I'm not going to go into details on a public
mailing list.

It's been said that email is like a postcard, but really it's more
like going to your window and shouting across the valley. Odds are
that nobody is listening or would give a damn if they were, but they
can easily listen to a given person if they want to.

> > Mail delivery is nothing remotely resembling secure. That's why we
> > need keys in the first place (and all you people waving smtp-tls
> > around, go back and think about how useful that's going to be without
> > signing keys).
> This is an argument that there is no such thing as perfect security.

No, it's an observation that there is not even an attempt at security here.

> Verifying that the signee has control over the email address is exactly that
> -- that's why I didn't say that it was verifying who *owned* the email
> address. Knowing this may be of limited value, but that doesn't mean it's
> not worth doing.

What value exactly do you gain by verifying that the signee has an
internet connection and a handful of basic tools? I can't think of a
reason why you'd go to all this trouble just to verify that. I thought
it was obvious from the fact that they use both email and gpg.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

Reply to: