Re: PGP and verifying ids / emails
Hi,
[cross posted to debian-user, since this has gone beyond the
charter of the -mentor list] ;-)
>>"Joseph" == Joseph Carter <knghtbrd@debian.org> writes:
>>"Brian" == Brian May <bam@snoopy.apana.org.au> writes:
Brian> So we agree. You wouldn't sign the key without checking the
Brian> fingerprint first. The idea being, if the fingerprint matches,
Brian> then John Smith must have the matching private key (and not
Brian> somebody else).
Yes, though now that you point it out, this is an
assumption. I am assuming that
a) the person who has 2 picture ids of is actually john smith
b) the fingerprint actually belongs to his own key -- not to John
Smith from arkansas, who is a different person, but john smiths
is a common name ;-)
c) He still has access to his key, and can actually use it (people
tend to forget pass phrases)
I can't figure out a way that b) is actually useful -- but
possibly there is a way to exploit something that I can't think of.
Joseph> Might I ask how most people are supposed to get two picture
Joseph> IDs?
Joseph> This means that about 80% of the populace will NEVER get a
Joseph> signature from you. Still, if that's what you feel you need,
Joseph> that's what you should ask for.
That's OK. A signature from me is not exactly a _requirement_
for anything at all, you know ;-)
Joseph> "well first you type pgp -fkxa 0x<your keyID> secring.pgp | ...."
Joseph> (actually I have no idea if -kxa would do that for a secret
Joseph> key but knowing PGP's handling of keyrings I wouldn't be
Joseph> surprised)
It works. That is why I had to revoke my original ID (hangs
head in shame). I was playing with using that to maintain
backup secret keyrings .... but that was years ago.
Joseph> Stealing the ID might work if you look anything like the
Joseph> other person. Of course it might be difficult to steal
Joseph> two---but that's because most people haven't got two to
Joseph> steal.
See? requiring two ID's does make the job of the ID stealer
harder ;-)
Brian> Remember that there are two issues involved here:
Brian> 1. Who has the private key (and can decrypt/sign mail)?
Brian> 2. What is the name and E-Mail address of this person?
Well, for the FAQ, how about this key signing process?
----------------------------------------------------------------------
a) Everyone comes to the meeting with 2 picture ID's, at least one of
which is issued by the government.
b) everyone comes with lots and lots of slips of paper containing
their name, email address, and key fingerprint of a key available
on a public server (the alternative is a laptop and floppies, and
people gather public keys on their floppy from other peoples
floppies rather than downloading keys offline from public servers)
The name on the slip *must* match the name on the picture ID's.
c) everyone has a sheet of paper, and a pen
d) To get Mr X to sign your key,
1) You think up a arbitrary word, and write it on one of the slips
of paper. On you sheet of paper, you make an entry for Mr X,
and you write this random word there.
2) you ask Mr X for a random integer. Write it down on the slip of
paper, and hand it to Mr X. On your sheet, write down that
number on the line corresponding to Mr X. (you may want to get
_his_ email too for reminder)
3) Repeat with Mr Y and so on
4) Wait for Mr X to send you encrypted mail containing your secret
word, and a new number. You look up Mr X in your sheet, match
the word, and get the number he gave you. Write both numbers
(the old one on the sheet of paper he gave you in person, and
the new one in the email message) in a mail message, sign, and
possibly encrypt with Mr X's key. Send it back to Mr X.
5) Mr X send your key back to you, with his signature.
e) To sign someones key
1) Look at the picture ID's. Make sure the names match.
2) think up a random integer, and tell it to the person requesting
the signature.
3) Make sure you have a slip containing the name, email address,
random number you generated, and a secret word that the person
has created. Check the name against the picture id's.
4) Obtain the public key for that person. (either from public
servers, or a physical copy on a floppy, or whatever).
5) CHeck to see if the fingerprint matches. Check to see that the
ID has the same name as found on the picture ID's you saw. Make
sure the email addresses match.
6) Create another random integer, different from the one you gave
that person before. Send a mail message, containg the secret
word that the person gave you, the new number you generated,
encrypted with the key you just obtained, sent to the email
address in the key.
7) If you get a reply that contains bot the old and the new
numbers, and is signed by the key you are supposed to sign,
everything checks out
8) Sign the key, and mail it to the email address you have been
using.
----------------------------------------------------------------------
There are three secrets involved, two exchanged in the face to
face meeting, and a third created in the first email. This is anal
retentive (not a bad thing in security, really), but it ensures (to a
reasonable degree) that the person whose ID you checked does indeed
control the email address, and can indeeed use the private key
corresponding to the public key you are signing.
This may be more work than is generally done, but is more
secure than most ad hoc key signing sessions I have attended ;-)
manoj
--
It's just apartment house rules, So all you 'partment house fools
Remember: one man's ceiling is another man's floor. One man's ceiling
is another man's floor. Paul Simon, "One Man's Ceiling Is Another
Man's Floor"
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: