On Fri, Jul 30, 1999 at 11:41:37AM -0500, Manoj Srivastava wrote:
/*
* keeping -mentors for this message only, replies are likely to get even
* more off-charter for that group, so don't reply there. Note I'm not
* subscribed to -user, however...
*/
> Yes, though now that you point it out, this is an
> assumption. I am assuming that
> a) the person who has 2 picture ids of is actually john smith
> b) the fingerprint actually belongs to his own key -- not to John
> Smith from arkansas, who is a different person, but john smiths
> is a common name ;-)
> c) He still has access to his key, and can actually use it (people
> tend to forget pass phrases)
>
> I can't figure out a way that b) is actually useful -- but
> possibly there is a way to exploit something that I can't think of.
Jor-el can... Another person acting as a proxy. It'd be very difficult
to pull off and there are probably much easier ways to be a trusted key
onto the keyring, but it is possible.
Given I get asked for a passphrase every time I send an email, I won't
forget mine. However, this is why gpg will let you generate a revoke
certificate WITHOUT revoking the key as pgp does. The idea is that you
should do this and print it. Then you put the result in a fireproof
lockbox or in a safe-deposit box or something like that.
> Joseph> "well first you type pgp -fkxa 0x<your keyID> secring.pgp | ...."
>
> Joseph> (actually I have no idea if -kxa would do that for a secret
> Joseph> key but knowing PGP's handling of keyrings I wouldn't be
> Joseph> surprised)
>
> It works. That is why I had to revoke my original ID (hangs
> head in shame). I was playing with using that to maintain
> backup secret keyrings .... but that was years ago.
I figured it did, but I didn't want to spread misinformation without
trying it, which I was not in the mood to risk doing with my own key and
didn't have the patience to generate a crap key for testing.
> Joseph> Stealing the ID might work if you look anything like the
> Joseph> other person. Of course it might be difficult to steal
> Joseph> two---but that's because most people haven't got two to
> Joseph> steal.
>
> See? requiring two ID's does make the job of the ID stealer
> harder ;-)
Except that with image editing software and a scanner fake IDs of the
non-state variety are very easy to make. I could give you something you'd
swear was a current school ID for the local junior college, though it
wouldn't be. I could even get a picture of me to put on it if I was
impatient---and if the ID is a few years dated and only somewhat resembled
me, a student ID from this quarter at the school in my town would probably
quell your suspicions...
> > Remember that there are two issues involved here:
> > 1. Who has the private key (and can decrypt/sign mail)?
> > 2. What is the name and E-Mail address of this person?
>
> Well, for the FAQ, how about this key signing process?
> ----------------------------------------------------------------------
> a) Everyone comes to the meeting with 2 picture ID's, at least one of
> which is issued by the government.
I'm going to suggest that a person might want to ask for two, especially
of someone they've only just met. It's paranoid and difficult to do, but
it's not totally unreasonable. In that case of course I just list both
names, yes? Or do you think the name in the keyid would not matter at
that point?
> b) everyone comes with lots and lots of slips of paper containing
> their name, email address, and key fingerprint of a key available
> on a public server (the alternative is a laptop and floppies, and
> people gather public keys on their floppy from other peoples
> floppies rather than downloading keys offline from public servers)
> The name on the slip *must* match the name on the picture ID's.
The name on the slip of paper would in my case, but my first name is
Thomas and I don't ever use it.
> c) everyone has a sheet of paper, and a pen
> d) To get Mr X to sign your key,
> 1) You think up a arbitrary word, and write it on one of the slips
> of paper. On you sheet of paper, you make an entry for Mr X,
> and you write this random word there.
> 2) you ask Mr X for a random integer. Write it down on the slip of
> paper, and hand it to Mr X. On your sheet, write down that
> number on the line corresponding to Mr X. (you may want to get
> _his_ email too for reminder)
> 3) Repeat with Mr Y and so on
> 4) Wait for Mr X to send you encrypted mail containing your secret
> word, and a new number. You look up Mr X in your sheet, match
> the word, and get the number he gave you. Write both numbers
> (the old one on the sheet of paper he gave you in person, and
> the new one in the email message) in a mail message, sign, and
> possibly encrypt with Mr X's key. Send it back to Mr X.
> 5) Mr X send your key back to you, with his signature.
OOH! I like that. =D Quite effective I think. => Better than what we
were doing at the Debian dinner. More complex and would have been
impossible at Chili's, but it's very secure. This will most definitely go
in!
> e) To sign someones key
> 1) Look at the picture ID's. Make sure the names match.
> 2) think up a random integer, and tell it to the person requesting
> the signature.
> 3) Make sure you have a slip containing the name, email address,
> random number you generated, and a secret word that the person
> has created. Check the name against the picture id's.
> 4) Obtain the public key for that person. (either from public
> servers, or a physical copy on a floppy, or whatever).
> 5) CHeck to see if the fingerprint matches. Check to see that the
> ID has the same name as found on the picture ID's you saw. Make
> sure the email addresses match.
> 6) Create another random integer, different from the one you gave
> that person before. Send a mail message, containg the secret
> word that the person gave you, the new number you generated,
> encrypted with the key you just obtained, sent to the email
> address in the key.
> 7) If you get a reply that contains bot the old and the new
> numbers, and is signed by the key you are supposed to sign,
> everything checks out
> 8) Sign the key, and mail it to the email address you have been
> using.
Pure genius, I love it!
> There are three secrets involved, two exchanged in the face to
> face meeting, and a third created in the first email. This is anal
> retentive (not a bad thing in security, really), but it ensures (to a
> reasonable degree) that the person whose ID you checked does indeed
> control the email address, and can indeeed use the private key
> corresponding to the public key you are signing.
>
> This may be more work than is generally done, but is more
> secure than most ad hoc key signing sessions I have attended ;-)
It also deals with all the paranoia issues we've seen in this thread
related to possible theft of identity. If the person has the key, has
ID indicating they are who they say they are, can demonstrate control of
the email address they gave you, etc, AND can demonstrate they can use the
key, they're probably safe.
I love it, this is most definitely going into the HOWTO...
--
Joseph Carter <knghtbrd@debian.org> Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC 44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77 8E E2 29 96 C9 44 5F BE
--------------------------------------------------------------------------
Techical solutions are not a matter of voting. Two legislations in the US
states almost decided that the value of Pi be 3.14, exactly. Popular vote
does not make for a correct solution.
-- Manoj Srivastava
Attachment:
pgpwe4U9ARq_d.pgp
Description: PGP signature