
Re: Keysigning without physically meeting ... thoughts?



>>>>> "Steve" == Steve Langasek <vorlon@debian.org> writes:

    >> Is this process "correct"? Or did something go seriously wrong
    >> here?  If it was correct, why was it correct? If it was wrong,
    >> why was it wrong?

For anyone who didn't pick it up; I lied: <brian@debian.org> isn't my
email address.

    Steve> Many people consider all of options a), b), and c) to be
    Steve> inappropriate, and will instead encrypt each of the uid
    Steve> signatures individually and mail them to the corresponding
    Steve> email address, to verify that you control each address.

I didn't see any key signing HOWTO or FAQ that mentioned this, not
even the Debian guide. Do you have a reference?

However, if I was able to intercept email to <brian@debian.org> (maybe
I have exploited a security hole in master.debian.org that hasn't been
discovered/fixed yet), this wouldn't help.

Even if you looked up Debian web pages for brian@debian.org, you still
wouldn't verify that this isn't really my address, as the real name is
only out by one character. Typo?

(Good thing Brian Mays doesn't seem to be watching this thread...)

My point though is that I could have taken my dodgy key into a
keysigning session, and people adhering to many standard keysigning
would not notice anything wrong, even if I couldn't intercept the mail.

This would mean:

* If I was a new Debian maintainer, I could submit my key to the
official Debian keyring, with only the Brian May <brian@debian.org>
key ring, and use this to upload packages. If I deliberately made an
upload, say of the PCMCIA packages, which was a Trojan horse, Brian
Mays would get the blame, not me.

* If I was able to intercept Brian Mays' email, I might be able to trick
people into sending encrypted email using my signed and verified key,
instead of Brian Mays' signed and verified key. That way I can read
"his" encrypted email.

* Alternatively (assume Brian Mays wasn't an existing developer), I
could intercept his email when he supplies his key to Debian for the
first time, and replace it with my own. This key would then be
installed in the Debian keyring. To make sure this happens, I could
intercept previous emails and change "Brian Mays" to "Brian May" and
his phone number to my phone number (in case somebody rings up to
verify the keyid). (disclaimer: I haven't read the current maintainer
procedures; this might be harder than stated).

Note: People from time to time do get confused and send me bug reports
that should have been sent to Brian Mays; such confusion could work to
the benefit of a would-be attacker.

    >> I can't help but wonder if we have become too obsessed with
    >> signing a key to a particular name, that we have lost track of
    >> what we are trying to achieve. Just because the name matches
    >> (or is almost identical) does not mean it is the same
    >> person. Even if this key has hundreds of trusted signatures and
    >> the name is identical, it still doesn't mean it must be the
    >> same person.

    Steve> Certainly, it doesn't mean that they're the same person.
    Steve> Who has asserted that this is the case?  Just because there
    Steve> may be more than one person with the same real name using
    Steve> PGP doesn't invalidate the practice of ensuring that the
    Steve> name on a key is the same as the person's real name.

I was under the impression that signing was implemented so you could
trust that keyid 00530C24 with the fingerprint "9918 7E12 ABAF 54EA
9C9E 27A5 B828 A71C 0053 0C24" really was the person everyone knows as
"Brian May".

That way, if you want to send me a secure email, but never have met me
in person, but you know a trusted friend (Fred) who has met me in
person, and has signed my key, you can still communicate to me
securely.

After all, I thought this was the whole point of key signing.

However, it seems that key signing only verifies

* the name on my UID matches my "legal" name.

* (optional) that I can read email to the email address in the UID.

For the first part, so what if my legal name is "Brian May"? Does this
have any significance to the open source community? Maybe the name
"Brian May" matches the name I use on emails, then again, maybe it
doesn't. Or maybe somebody else is using that name on emails.

There is no way to verify that keyid 00530C24 is the same person who
made all of these interesting contributions, and not the person who
writes Trojan horses 24 hours a day and also happens to have the same
name, unless said contributions are signed by the same key.

When Fred signs my key, he might think I am the first person, when in
fact I might be the latter. Nowhere does it state on my passport that
my favorite hobby is writing Trojan horses ;-).

The only real way to uniquely identify somebody is with the key-id and
fingerprint, communicated via a "secure" channel. All this proves is
that the person who signed all these emails with the same key is the
same person.

Notes:

For this email, I am assuming:

* security of the private key is not compromised.
* legal documents are not forged and are up-to-date.
-- 
Brian May <bam@debian.org>
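
Added example, not part of the original message: a keyring check for the situation discussed above, where two different keys carry real names one character apart or share an email address. It reads output in the `gpg --list-keys --with-colons` layout; the sample listing, names and fingerprints are constructed, and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed keyring listing (fake fingerprints, example.org addresses).
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAA0001:1000000000:::-:::scESC:
fpr:::::::::00000000000000000000000000000000AAAA0001:
uid:-::::1000000000::::Alex Mays <alex@example.org>:
pub:-:4096:1:AAAAAAAAAAAA0002:1000000001:::-:::scESC:
fpr:::::::::00000000000000000000000000000000AAAA0002:
uid:-::::1000000001::::Alex May <alex@example.org>:
pub:-:4096:1:AAAAAAAAAAAA0003:1000000002:::-:::scESC:
fpr:::::::::00000000000000000000000000000000AAAA0003:
uid:-::::1000000002::::Dana Roe <dana@example.org>:
"""

def primary_uids(listing):
    """Return (primary fingerprint, lowercased name, lowercased email) per uid."""
    fpr, want_fpr, out = None, False, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":            # new primary key; its fpr record follows
            fpr, want_fpr = None, True
        elif f[0] == "fpr" and want_fpr:
            fpr, want_fpr = f[9], False   # ignore later subkey fingerprints
        elif f[0] == "uid" and fpr:
            m = re.match(r"(.*?)\s*(?:\(.*\)\s*)?<([^>]*)>$", f[9])
            if m:
                out.append((fpr, m.group(1).strip().lower(), m.group(2).lower()))
    return out

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(listing, max_dist=1):
    """Pairs of distinct keys whose names nearly match or whose emails match."""
    findings = []
    for (fa, na, ea), (fb, nb, eb) in combinations(primary_uids(listing), 2):
        d = edit_distance(na, nb)
        if fa != fb and (d <= max_dist or ea == eb):
            findings.append((fa, fb, d, ea == eb))
    return findings
```

A finding only says that two keys need a closer look before one is signed or added to a keyring; it cannot tell which key belongs to which person.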


