Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

To: debian-security@lists.debian.org
Subject: Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)
From: Hubert Chan <hackerhue@geek.com>
Date: 10 Jul 2001 12:29:53 -0600
Message-id: <[🔎] 874rskljry.fsf@hackerhue.ddts.net>
In-reply-to: <[🔎] 20010709185823.G19032@aoaioxxysz.net>
References: <[🔎] 01070911525807.28842@rhino> <[🔎] 878zhxrjny.fsf@hackerhue.ddts.net> <[🔎] 20010709185823.G19032@aoaioxxysz.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "ozymandias" == ozymandias G desiderata <ogd@aoaioxxysz.net> writes:

ozymandias> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
Hubert> PS. If you're going to PGP-sign your messages, you might want to
Hubert> upload your key to a server, so that we can check the sig.

ozymandias> At this late date, I'm a little confused as to what the
ozymandias> benefit of key servers are, and I'm even a little bit
ozymandias> confused why people PGP / GnuPG sign their mail to mailing
ozymandias> lists. As you will no doubt notice, I've gone along with
ozymandias> common practice and created a GnuPG key for use with mailing
ozymandias> lists and other low-trust / low-threat environments. I'm
ozymandias> just not sure why.

Keyservers are for distributing keys easily.  It's a whole lot easier to
upload once than to have people ask for your key.  In addition, I'd much
rather trust a key that I obtained a couple months before I needed to
encrypt something to you, than if I obtained it a couple
days/hours/minutes before by asking you to e-mail it to me.

BTW, I don't know why people sign their mail to mailing lists (other
than things like debian-security-announce).  I do it because I think
that all e-mail, and for that matter, all internet traffic, should be
encrypted.  Of course this doesn't work on a mailing list (although
there is an attempt to make a mailing list where it works), and signing
seems to be the next best thing.  It's also a big proclamation that "I
am a PGP/GnuPG user," along with my sig that says, "Please encrypt *all*
e-mail to me." ;-)

ozymandias> Let me explain.

ozymandias> It seems to me that the use of signatures on these lists is
ozymandias> to prove an association between a user and an e-mail
ozymandias> address, i.e. "yes, this e-mail actually comes from the
ozymandias> From: address specified in the header".  No more, no
ozymandias> less.

Actually, it doesn't even do that, since anyone can fake a key with that
e-mail address.  But that's a different story...

ozymandias> Unless you know me or have some other stake in knowing that
ozymandias> said mail is from where it says it is, this information is
ozymandias> of little use to you.

If the signature checks out fine, then we don't have much information.
If the signature doesn't check out, then we know that someone's doing
something nasty.  And it's harder to spoof a signature to an entire
mailing list.

Of course, no one is going to go through the effort of spoofing in a
simple mailing list.  So if, for whatever reason, I need to send you an
encrypted message a couple years down the road, and am unable to verify
your key, I would have at least one data point indicating that the key
that I have is "probably" correct, if I can check your signature with
it.

ozymandias> Furthermore, even if you do care, there's nothing stopping
ozymandias> determined attackers from inserting keys that misrepresent
ozymandias> themselves into the key server -- unless you as a recipient
ozymandias> decide to verify the fingerprint of my key. Since that step
ozymandias> must be accomplished anyway, how much of an additional
ozymandias> hassle is it to ask me for my key in the first place?

Key distribution and verification is best done over two separate
channels, if it's done over the Internet.  One channel can be spoofed,
but two channels is harder.

If it's done in meatspace, fingerprint verification is a lot easier than
distribution.  It's easier to verify a fingerprint over the phone than
to read off your key.  Fingerprints can be printed on business cards,
but keys cannot (unless you have a huge business card, or use a
micro-dot).

- -- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7S0mKZRhU33H9o38RAmizAJ0bpwN2B7CC55wtZKWcwsMeOoDXqACfQ3+u
+RhrS9mls1t2/M61HgvD9X4=
=lfT8
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>

References:
- Apache, mod_auth_pam, pam_krb4, and you
  - From: Jason Rashaad Jackson <jrashaad@umich.edu>
- Re: Apache, mod_auth_pam, pam_krb4, and you
  - From: Hubert Chan <hackerhue@geek.com>
- signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)
  - From: ogd@aoaioxxysz.net (ozymandias G desiderata)

Prev by Date: Re: Snort
Next by Date: Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)
Previous by thread: Re: signatures and keyservers
Next by thread: Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)
Index(es):
- Date
- Thread