[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keysigning without physically meeting ... thoughts?

On Sun, Jun 19, 2005 at 03:19:14PM +1000, Brian May wrote:
> >>>>> "Steve" == Steve Langasek <vorlon@debian.org> writes:

>     Steve> Many people consider all of options a), b), and c) to be
>     Steve> inappropriate, and will instead encrypt each of the uid
>     Steve> signatures individually and mail them to the corresponding
>     Steve> email address, to verify that you control each address.

> I didn't see any key signing HOWTO or FAQ that mentioned this, not
> even the Debian guide. Do you have a reference?

Well, c.f. the behavior of the caff keysigning tool (part of the pgp-tools
repo on alioth).

> However, if I was able to intercept email to <brian@debian.org> (maybe
> I have exploited a security hole in master.debian.org that hasn't been
> discovered/fixed yet), this wouldn't help.

> Even if you looked up Debian web pages for brian@debian.org, you still
> wouldn't verify that this isn't really my address, as real name is
> only out by one character. Typo?

> My point though is that I could have taken my dodgy key into a
> keysigning session, and people adhering to many standard keysigning
> would not notice anything wrong, even if I couldn't intercept the mail.

Well, yes; this is why the additional practices have developed.

> * If I was a new Debian maintainer, I could submit my key to the
> official Debian keyring, with only the Brian May <brian@debian.org>
> key ring, and use this to upload packages. If I deliberately made an
> upload, say of the PCMCIA packages, which was a Trojan horse, Brian
> Mays would get the blame, not me.

New key uploads to keyring.debian.org are processed manually.  I assume that
validity of debian.org uids is one of the checks the keyring maintainer

> * If I was able to intercept Brian Mays email, I might be able trick
> people into sending encrypted email using my signed and verified key,
> instead my Brian Mays signed and verified key. That way I can read
> "his" encrypted email.

Which is a known limitation of this verification procedure, yes.

>     Steve> Certainly, it doesn't mean that they're the same person.
>     Steve> Who has asserted that this is the case?  Just because there
>     Steve> may be more than one person with the same real name using
>     Steve> PGP doesn't invalidate the practice of ensuring that the
>     Steve> name on a key is the same as the person's real name.

> I was under the impression that signing was implemented so you could
> trust that keyid 00530C24 with the fingerprint "9918 7E12 ABAF 54EA
> 9C9E 27A5 B828 A71C 0053 0C24" really was the person everyone knows as
> "Brian May".

If you trust the signature, you can trust that the key belongs to *a* person
everyone knows as "Brian May"...

> That way, if you want to send my a secure email, but never have met me
> in person, but you know a trusted friend (Fred) how has met me in
> person, and has signed my key, you can still communicate to me
> securely.

> After all, I thought this was the whole point of key signing.

Sure.  But presumably I'm going to verify your identity by the name *and*
email address on your key.  Or, I'm going to ask Fred which one you are. :)

> However, it seems that key signing only verifies

> * the name on my UID matches my "legal" name.

> * (optional) that I can read email to the email address in the UID.

> For the first part, so what if my legal name is "Brian May"? Does this
> have any significance to the open source community? Maybe the name
> "Brian May" matches the name I use on emails, then again, maybe it
> doesn't. Or maybe somebody else is using that name on emails.

> There is no way to verify that keyid 00530C24 is the same person who
> made all of these interesting contributions, and not the person who
> writes Trojan horses 24 hours a day and also happens to have the same
> name, unless said contributions are signed by the same key.

To the extent that it is possible at all, the procedure described for
verifying that you control the email address on your key demonstrates that
you're the same person making contributions under that identity.

> When Fred signs my key, he might think I am the first person, when in
> fact I might be the later. Nowhere does it state on my passport that
> my favorite hobby is writing Trojan horses ;-).

And so, if I know that Fred doesn't have a procedure for verifying email
addresses when signing keys, I may not be inclined to fully trust his

> The only real way to uniquely identify somebody is with the key-id and
> fingerprint, communicated via "secure" channel. All this proves is
> that the person who signed all these emails with the same key is the
> same person.

Well, if you go to a DebConf, you also have a good chance of directly
verifying whether the person signing the mails is the same person who shows
up? :)

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: