On Fri, Jul 30, 1999 at 01:29:35AM -0500, Manoj Srivastava wrote:
> Brian> You need to be sure that you are signing the *correct* public
> Brian> key, and not just any public key that happened to be created
> Brian> with "John Smith"'s id (which is publicly known).
>
> When I sign a key, I have am standing in front of John Smith,
> who has conviinced me it is indeed John Smith (using 2 picture
> ID's). He then asks me to sign a key -- I assume he is giving me a
> public key whose private key he has (what is the point otherwise?).
>
> I do verify that the ID on the key matches the ID that was
> shown to me.
Might I ask how most people are supposed to get two picture IDs? Most IDs
do not have pictures. The only ones I've seen that do are those issued by
the DMV, school IDs, keycards for buildings with high security, and ID
issued to LEO's. Since it has been years since I had one of those, I'm
likely to only meet your criteria if I happened to remember to bring my
old (now invalid) Oregon ID with me, provided I don't cut it up and doss
it like I probably would if I'd ever bother to think about it first.
This means that about 80% of the populace will NEVER get a signature from
you. Still, if that's what you feel you need, that's what you should ask
for.
> Brian> ie it is not much point a public key for "John Smith" if "John
> Brian> Smith" doesn't have the private key.
>
> Why is he asking me to sign it then?
That's what I can't figure out... =>
> Brian> Somebody may have replaced a copy of the correct key with a
> Brian> "forged" key along the way.
>
> Without John Smith knowing? I hope no one is that incompetent.
Many people don't understand public key cryptography. I've had people ask
me how in /msg's on irc to sign a key... Wanna know what's worse? The
last time it happened I was at someone else's machine and while my nick
said it was me, none of the other whois info did. So there was no proof
it was actually me and in fact a good indication it wasn't. And I was
being asked how---privately in fact---to do something involving use of
their secret PGP key ...
"well first you type pgp -fkxa 0x<your keyID> secring.pgp | ...."
(actually I have no idea if -kxa would do that for a secret key but
knowing PGP's handling of keyrings I wouldn't be surprised) That's why
I'm working on the public key crypto howto (and learning some SGML in the
process) actually---I want to make sure that there is something out there
that explains the dos and don'ts and has all the commands you need for
common tasks in something that is publicly available (or will be when I
publish it) and signed by a key which is at least known to be used
actively....
You may not be sure that the key in question actually belongs to Joesph
Carter (Thomas Joseph, actually--I don't use my first name), but you will
be sure that the same key that signed this message signed that howto.
And that it's public will give other people a chance to audit my work.
> Brian> You (as the signer) needs some way to verify that "John Smith"
> Brian> really does have the private key before signing the public
> Brian> key.
>
> How does one do this?
Indeed anyone asking me to produce my private key to prove I've got it
would make me immediately suspicious they were trying to gain access to it
themselves. The only way I would permit that would be if I happened to
have a notebook in my posession which I trusted as secure (ie, strongly
encrypted filesystem...)
And then only if I knew that I had a way to see that my key is revoked
before anybody could get the filesystem open, much less start on trying to
get at the passphrase on the key itself.
> This is quite confused. The fingerprint is of the public key
> (or else how do you check it? No one should be giving anyone a look
> at the private key at all).
I think he's suggesting looking at the existance of a private key, not an
--export of it.
>
> I think you are missing something. See, I meet John Smith. He
> shows me photo-ID. He gives me fingerporint of his *public* key. I
> download key from key server, and check the finger print. I check the
> ID matches the photo ID's I saw. I sign just that ID. Now tell me
> again, how short of forging two picture ID's, there is a flaw in
> this.
Stealing the ID might work if you look anything like the other person. Of
course it might be difficult to steal two---but that's because most people
haven't got two to steal.
--
Joseph Carter <knghtbrd@debian.org> Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC 44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77 8E E2 29 96 C9 44 5F BE
--------------------------------------------------------------------------
I am amazed that no-one's based a commercial distribution on Debian yet -
it is by far the most solid UNIX-like OS I've ever installed, and I've
played with HP/UX, Solaris, FreeBSD, BSDi, and SCO (not to mention OS/2,
Novell, Win95/NT)
-- Nathan Norman
Attachment:
pgpzipcEQ2x8J.pgp
Description: PGP signature